[USN-866-1] gnome-screensaver vulnerability



===========================================================
Ubuntu Security Notice USN-866-1 December 07, 2009
gnome-screensaver vulnerability
https://launchpad.net/bugs/411350
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
gnome-screensaver 2.28.0-0ubuntu3.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

It was discovered that gnome-screensaver did not always re-enable itself
after applications requested it to ignore idle timers. This may result in the
screen not being automatically locked after the inactivity timeout is
reached, permitting an attacker with physical access to gain access to an
unlocked session.


Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1.diff.gz
Size/MD5: 13327 f2c77fbb875fa28d1c44d39936232927
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1.dsc
Size/MD5: 1756 cdcdd23a16e1d25d6940e5340f6eb760
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0.orig.tar.gz
Size/MD5: 5069053 cdf328a0443a3cc30b4b2b36d9a99236

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1_amd64.deb
Size/MD5: 4185376 942a077f04675c8d27c5d55e826b039b

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1_i386.deb
Size/MD5: 4168922 a3ca1ae6e3274795a0d2aff0a4b94a6f

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1_lpia.deb
Size/MD5: 4169780 e9e90dfe93ebd18c13808e5f0bf83f4c

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1_powerpc.deb
Size/MD5: 4179392 d0ae3da6337a4fb8b71dd0ef36f4692d

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1_sparc.deb
Size/MD5: 4177782 ee55f5f5f3ac0e4867cd9e8c1bc450f6



Attachment: signature.asc
Description: This is a digitally signed message part



Relevant Pages

  • [Full-disclosure] [USN-1010-1] OpenJDK vulnerabilities
    ... A security issue affects the following Ubuntu releases: ... If an attacker could perform a man in the middle ... java applet or application. ... amd64 architecture: ...
    (Full-Disclosure)
  • [Full-disclosure] [USN-1085-2] tiff regression
    ... A security issue affects the following Ubuntu releases: ... Ubuntu 6.06 LTS ... USN-1085-1 fixed vulnerabilities in the system TIFF library. ... i386 architecture: ...
    (Full-Disclosure)
  • [USN-1085-2] tiff regression
    ... A security issue affects the following Ubuntu releases: ... Ubuntu 6.06 LTS ... USN-1085-1 fixed vulnerabilities in the system TIFF library. ... i386 architecture: ...
    (Bugtraq)
  • [Full-disclosure] [USN-853-1] Firefox and Xulrunner vulnerabilities
    ... A security issue affects the following Ubuntu releases: ... Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it ... A local attacker could exploit this to create or overwrite ... amd64 architecture: ...
    (Full-Disclosure)
  • [USN-853-1] Firefox and Xulrunner vulnerabilities
    ... A security issue affects the following Ubuntu releases: ... Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it ... A local attacker could exploit this to create or overwrite ... amd64 architecture: ...
    (Bugtraq)