Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: Ubuntu :: va1804.htm

gnome-screensaver vulnerabilities
gnome-screensaver vulnerabilities
gnome-screensaver vulnerabilities

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

==========================================================Ubuntu Security Notice USN-669-1          November 11, 2008
gnome-screensaver vulnerabilities
CVE-2007-6389, CVE-2008-0887
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  gnome-screensaver               2.14.3-0ubuntu1.1

Ubuntu 7.10:
  gnome-screensaver               2.20.0-0ubuntu4.3

After a standard system upgrade you need to restart all user sessions on
your computer to effect the necessary changes.

Details follow:

It was discovered that the notify feature in gnome-screensaver could let
a local attacker read the clipboard contents of a locked session by
using Ctrl-V. (CVE-2007-6389)

Alan Matsuoka discovered that gnome-screensaver did not properly handle
network outages when using a remote authentication service. During a
network interruption, or by disconnecting the network cable, a local
attacker could gain access to locked sessions. (CVE-2008-0887)

Updated packages for Ubuntu 6.06 LTS:

  Source archives: 
      Size/MD5:    14632 858a17bd71cf1969f89c9f7248840e0b 
      Size/MD5:     1515 100a66b14d50912bd73b49b6915d849b 
      Size/MD5:  2122211 9c95c9d0ad4c44a215546dd4b95992b0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon): 
      Size/MD5:  1502090 d5bfdd6505afe949c6414fb01dab0bb9

  i386 architecture (x86 compatible Intel/AMD): 
      Size/MD5:  1483824 bcb42c8bb0a73fbc06c5a465a75fa299

  powerpc architecture (Apple Macintosh G3/G4/G5): 
      Size/MD5:  1499086 d7e65422d70d2ff6405b0472f03b1c1f

  sparc architecture (Sun SPARC/UltraSPARC): 
      Size/MD5:  1486326 bff6d9f48780721f2621a0c6895aa143

Updated packages for Ubuntu 7.10:

  Source archives: 
      Size/MD5:    25605 044d070d183f0e073dc1ac81945b0cc5 
      Size/MD5:     1695 472b10fdbd46177cbe20b58350265d64 
      Size/MD5:  2320018 db71d89c66fa3a96b3b276403b5bb723

  amd64 architecture (Athlon64, Opteron, EM64T Xeon): 
      Size/MD5:  1587388 6655526c8225d3b139eb36c1cbbf948a

  i386 architecture (x86 compatible Intel/AMD): 
      Size/MD5:  1570386 456e6a56f46efac8de675aa906bf70c2

  lpia architecture (Low Power Intel Architecture): 
      Size/MD5:  1569166 c7f1ce8eeee0127cd557a78cf9591b36

  powerpc architecture (Apple Macintosh G3/G4/G5): 
      Size/MD5:  1606010 a65b33b3a95a7d23bcbdd5e894785852

  sparc architecture (Sun SPARC/UltraSPARC): 
      Size/MD5:  1576698 1566098fa61738a75ecaf0c98886eac1

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

Version: GnuPG v1.4.9 (GNU/Linux)



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH