Mandriva 1271 Published by

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:071
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xscreensaver
Date : April 11, 2006
Affected: Corporate 3.0
_______________________________________________________________________

Problem Description:

Rdesktop, with xscreensaver < 4.18, does not release the keyboard focus
when xscreensaver starts, which causes the password to be entered into
the active window when the user unlocks the screen.

Updated xscreensaver packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2655
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
7fca69b43dc054e02d1e635558a2871f corporate/3.0/RPMS/xscreensaver-4.14-4.1.C30mdk.i586.rpm
fcf51ed223e82ab32136b0ab40348300 corporate/3.0/RPMS/xscreensaver-extrusion-4.14-4.1.C30mdk.i586.rpm
edfeccdb0f1406af612d97a7e0ee5a62 corporate/3.0/RPMS/xscreensaver-gl-4.14-4.1.C30mdk.i586.rpm
d6c61c9ea67ee99f619c9abaa96ec133 corporate/3.0/SRPMS/xscreensaver-4.14-4.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
a03034b99a097249c616935bc5e9706c x86_64/corporate/3.0/RPMS/xscreensaver-4.14-4.1.C30mdk.x86_64.rpm
ca12d4e28f3db44a9018dbc19b8243e9 x86_64/corporate/3.0/RPMS/xscreensaver-extrusion-4.14-4.1.C30mdk.x86_64.rpm
1d7534873b19a4497e7f577c03585460 x86_64/corporate/3.0/RPMS/xscreensaver-gl-4.14-4.1.C30mdk.x86_64.rpm
d6c61c9ea67ee99f619c9abaa96ec133 x86_64/corporate/3.0/SRPMS/xscreensaver-4.14-4.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEO9hxmqjQ0CJFipgRAtfBAJwPYpCzrJ/7hjTnt0iU+SYqKaqyeQCeIExF
T99DEOoyfBJFS246nMBXdtI=
=7+xb
-----END PGP SIGNATURE-----