USN-688-1: Compiz vulnerability

12-08-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-688-1: Compiz vulnerability

Description:
=========================================================== Ubuntu Security Notice USN-688-1 December 09, 2008 compiz-fusion-plugins-main vulnerability https://launchpad.net/bugs/247088 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: compiz-fusion-plugins-main 0.5.2+git20070928-0ubuntu2.2 Ubuntu 8.04 LTS: compiz-fusion-plugins-main 0.7.4-0ubuntu6.2 Ubuntu 8.10: compiz-fusion-plugins-main 0.7.8-0ubuntu2.2 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: It was discovered that the Expo plugin for Compiz did not correctly restrict the screensaver window from being moved with the mouse. A local attacker could use the mouse to move the screensaver off the screen and gain access to the locked desktop session underneath. Default installs of Ubuntu were not vulnerable as Expo does not come pre-configured with mouse bindings.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

ssh-import-id(1) ssh-import ssh-import-id(1) NAME
ssh-import-id - retrieve one or more public keys from a public keyserver (Launchpad.net by default) and append them to the current user's authorized_keys file (or some other specified file) SYNOPSIS
ssh-import-id [options] USER_ID_1 [USER_ID_2] ... [USER_ID_n] OPTIONS
-h | --help usage -o | --output F write output to file 'F' (default ~/.ssh/authorized_keys, use "-" for standard out) DESCRIPTION
This utility will securely contact a public keyserver (https://launchpad.net by default) and retrieve one or more user's public keys, and append these to the current user's ~/.ssh/authorized_keys file. The system administrator can change the source URL used by ssh-import-id(1) by editing the configuration file, /etc/ssh/ssh_import_id, which is sourced to obtain the value of URL. By default, URL="https://launchpad.net/~%s/+sshkeys". Note that this url really MUST be a secure, https url with a valid, signed certificate or else your system will be vulnerable to man-in-the-middle attacks! The "%s" will be populated by ssh-import-id(1) with the value(s) of USER_ID_1 [USER_ID_2] ... [USER_ID_n]. SEE ALSO
ssh(1) FILES
/etc/ssh/ssh_import_id AUTHOR
This manpage and the utility was written by Dustin Kirkland <kirkland@canonical.com> for Ubuntu systems (but may be used by others). Per- mission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 3 published by the Free Software Foundation. On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. ssh-import 23 Feb 2010 ssh-import-id(1)

Security Advisories (RSS)

USN-688-1: Compiz vulnerability

LEARN ABOUT LINUX

ssh-import-id