USN-669-1: gnome-screensaver vulnerabilities

11-11-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-669-1: gnome-screensaver vulnerabilities

Referenced CVEs:
CVE-2007-6389, CVE-2008-0887

Description:
===========================================================Ubuntu Security Notice USN-669-1 November 11, 2008gnome-screensaver vulnerabilitiesCVE-2007-6389, CVE-2008-0887===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: gnome-screensaver 2.14.3-0ubuntu1.1Ubuntu 7.10: gnome-screensaver 2.20.0-0ubuntu4.3After a standard system upgrade you need to restart all user sessions onyour computer to effect the necessary changes.Details follow:It was discovered that the notify feature in gnome-screensaver could leta local attacker read the clipboard contents of a locked session byusing Ctrl-V. (CVE-2007-6389)Alan Matsuoka discovered that gnome-screensaver did not properly handlenetwork outages when using a remote authentication service. During anetwork interruption, or by disconnecting the network cable, a localattacker could gain access to locked sessions. (CVE-2008-0887)

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

gnome-about(1) User Commands gnome-about(1) NAME
gnome-about - display GNOME introductory information SYNOPSIS
gnome-about [--gnome-version] [gnome-std-options] DESCRIPTION
The GNOME introductory dialog displays a list of the GNOME contributors, and provides links to some useful GNOME websites. OPTIONS
The following options are supported: --gnome-version Display information on this GNOME version. gnome-std-options Standard options available for use with most GNOME applications. See gnome-std-options(5). EXAMPLES
Example 1: Displaying the GNOME introductory information example% gnome-about EXIT STATUS
The following exit values are returned: 0 Application exited successfully >0 Application exited with failure FILES
The following files are used by this application: /usr/bin/gnome-about Executable for GNOME introductory information display. /usr/share/gnome-about/gnome-version.xml XML source of GNOME version, build date and introductory text for the application. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWgnome-panel | +-----------------------------+-----------------------------+ |Interface stability |Volatile | +-----------------------------+-----------------------------+ SEE ALSO
attributes(5), gnome-std-options(5) Latest version of the GNOME Desktop User Guide for your platform. NOTES
The gnome-version.xml file format is classified as Volatile and its stability should not be relied upon. Written by Mark McLoughlin, updated by Brian Cameron, Sun Microsystems Inc., 2003, 2006, 2007. SunOS 5.11 09 Nov 2007 gnome-about(1)

Security Advisories (RSS)

USN-669-1: gnome-screensaver vulnerabilities

LEARN ABOUT OPENSOLARIS

gnome-about