USN-669-1: gnome-screensaver vulnerabilities
Posted on: 11/11/2008 09:30 PM

A new gnome-screensaver vulnerabilities update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-669-1 November 11, 2008
gnome-screensaver vulnerabilities
CVE-2007-6389, CVE-2008-0887
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
gnome-screensaver 2.14.3-0ubuntu1.1

Ubuntu 7.10:
gnome-screensaver 2.20.0-0ubuntu4.3

After a standard system upgrade you need to restart all user sessions on
your computer to effect the necessary changes.

Details follow:

It was discovered that the notify feature in gnome-screensaver could let
a local attacker read the clipboard contents of a locked session by
using Ctrl-V. (CVE-2007-6389)

Alan Matsuoka discovered that gnome-screensaver did not properly handle
network outages when using a remote authentication service. During a
network interruption, or by disconnecting the network cable, a local
attacker could gain access to locked sessions. (CVE-2008-0887)


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.14.3-0ubuntu1.1.diff.gz
Size/MD5: 14632 858a17bd71cf1969f89c9f7248840e0b
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.14.3-0ubuntu1.1.dsc
Size/MD5: 1515 100a66b14d50912bd73b49b6915d849b
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.14.3.orig.tar.gz
Size/MD5: 2122211 9c95c9d0ad4c44a215546dd4b95992b0

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 1502090 d5bfdd6505afe949c6414fb01dab0bb9

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.14.3-0ubuntu1.1_i386.deb
Size/MD5: 1483824 bcb42c8bb0a73fbc06c5a465a75fa299

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 1499086 d7e65422d70d2ff6405b0472f03b1c1f

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.14.3-0ubuntu1.1_sparc.deb
Size/MD5: 1486326 bff6d9f48780721f2621a0c6895aa143

Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.20.0-0ubuntu4.3.diff.gz
Size/MD5: 25605 044d070d183f0e073dc1ac81945b0cc5
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.20.0-0ubuntu4.3.dsc
Size/MD5: 1695 472b10fdbd46177cbe20b58350265d64
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.20.0.orig.tar.gz
Size/MD5: 2320018 db71d89c66fa3a96b3b276403b5bb723

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.20.0-0ubuntu4.3_amd64.deb
Size/MD5: 1587388 6655526c8225d3b139eb36c1cbbf948a

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.20.0-0ubuntu4.3_i386.deb
Size/MD5: 1570386 456e6a56f46efac8de675aa906bf70c2

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensaver=
_2.20.0-0ubuntu4.3_lpia.deb
Size/MD5: 1569166 c7f1ce8eeee0127cd557a78cf9591b36

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.20.0-0ubuntu4.3_powerpc.deb
Size/MD5: 1606010 a65b33b3a95a7d23bcbdd5e894785852

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.20.0-0ubuntu4.3_sparc.deb
Size/MD5: 1576698 1566098fa61738a75ecaf0c98886eac1



--=-4IVhQM1uIY3V+c53vAYj
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkkZ6YMACgkQLMAs/0C4zNqEIQCdEUWEt3CYBpeUaE+twytiUGPA
g/gAnRoDkRs4ytcBYz2oK0i1G2Exq61n
=WxiA
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_669_1_gnome_screensaver_vulnerabilities.html)