Referenced CVEs:
CVE-2010-0285, CVE-2010-0422
Description:
===========================================================Ubuntu Security Notice USN-907-1 March 08, 2010gnome-screensaver vulnerabilitiesCVE-2010-0285, CVE-2010-0422===========================================================A security issue affects the following Ubuntu releases:Ubuntu 8.10Ubuntu 9.04Ubuntu 9.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 8.10: gnome-screensaver 2.24.0-0ubuntu2.1Ubuntu 9.04: gnome-screensaver 2.24.0-0ubuntu6.1Ubuntu 9.10: gnome-screensaver 2.28.0-0ubuntu3.5After a standard system upgrade you need to restart your session to effectthe necessary changes.Details follow:It was discovered that gnome-screensaver did not correctly lock all screenswhen monitors get hotplugged. An attacker with physical access could usethis flaw to gain access to a locked session. (CVE-2010-0285)It was discovered that gnome-screensaver did not correctly handle keyboardgrab when monitors get hotplugged. An attacker with physical access coulduse this flaw to gain access to a locked session. This issue only affectedUbuntu 9.10. (CVE-2010-0422)
More...
