Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-269-1: xscreensaver vulnerability
Posted by Bob on: 04/11/2006 02:52 PM [ Print | 0 comment(s) ]
A new xscreensaver vulnerability update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-269-1 April 11, 2006
xscreensaver vulnerability
CVE-2004-2655
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
xscreensaver
xscreensaver-gl
xscreensaver-gnome
xscreensaver-nognome
The problem can be corrected by upgrading the affected package to
version 4.16-1ubuntu3.1 (for Ubuntu 4.10), or 4.16-1ubuntu11.1 (for
Ubuntu 5.04). After a standard system upgrade you need to restart your
session to effect the necessary changes.
Details follow:
In some cases, xscreensaver did not properly grab the keyboard when
reading the password for unlocking the screen, so that the password
was typed into the currently active application window.
The only known vulnerable case was when xscreensaver activated while
an rdesktop session was currently active.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu3.1.diff.gz
Size/MD5: 529361 213c8f135c4571b7a7166f6dd9ad8c23
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu3.1.dsc
Size/MD5: 826 f0d1078ed40504e6127c7f89eca383ae
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16.orig.tar.gz
Size/MD5: 4211337 e715ca402fc1218a078d65b7e7922082
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreensaver-gnome_4.16-1ubuntu3.1_all.deb
Size/MD5: 2206 0b2607875557fe48ede97a5c587d478c
http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreensaver-nognome_4.16-1ubuntu3.1_all.deb
Size/MD5: 2210 62f2fc29169656b5bebd7df95dbab5b5
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu3.1_amd64.deb
Size/MD5: 2820564 173539848f930775f01b37c252c5ac97
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu3.1_amd64.deb
Size/MD5: 3818740 e128aac305d6e3b065fdaabc39324c49
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu3.1_i386.deb
Size/MD5: 2600412 88a5c98a3522ddcd90cf46fd71dbc617
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu3.1_i386.deb
Size/MD5: 3363300 c383a848568378155b02444edb23f2f8
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu3.1_powerpc.deb
Size/MD5: 2915204 0189383bd5605aad6bc992dc8679547a
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu3.1_powerpc.deb
Size/MD5: 4037264 d287b3216588e52f98adcd48f490e43a
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu11.1.diff.gz
Size/MD5: 547000 9989541afef980609228f502b80fe016
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu11.1.dsc
Size/MD5: 841 da2704fe834001ce529dc43cba5c8745
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16.orig.tar.gz
Size/MD5: 4211337 e715ca402fc1218a078d65b7e7922082
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreensaver-gnome_4.16-1ubuntu11.1_all.deb
Size/MD5: 2208 43dc3e2c1a2b8df84cdabb2c0c3d5d19
http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreensaver-nognome_4.16-1ubuntu11.1_all.deb
Size/MD5: 2212 7fa5d0f1e0b071ba304b48ced30f452d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu11.1_amd64.deb
Size/MD5: 2833530 f34243177312d26fb3d3e8793c5b62f9
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu11.1_amd64.deb
Size/MD5: 3489802 3c8ab6178e1e777c299ea05b30c56d83
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu11.1_i386.deb
Size/MD5: 2595466 1c88b8e9f4044df306923b6fbf836f15
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu11.1_i386.deb
Size/MD5: 2997488 0c893d4a7a0458e309029f8d5203dd04
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu11.1_powerpc.deb
Size/MD5: 2925960 df13450ced11ef1434bdd5b9ae3d8ea5
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu11.1_powerpc.deb
Size/MD5: 3706970 413be7444c4739c4e17cd2f4d00c741d
--UOYwgDhKKQYesrzQ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEO7F/DecnbV4Fd/IRAlbHAJ9pckidvh+wyYhAoqwP9gBTtYP8VACeJw7r
MJdeuMB9Lf4qiWYL0ua4Bas=
=PGvF
-----END PGP SIGNATURE-----
xscreensaver vulnerability
CVE-2004-2655
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
xscreensaver
xscreensaver-gl
xscreensaver-gnome
xscreensaver-nognome
The problem can be corrected by upgrading the affected package to
version 4.16-1ubuntu3.1 (for Ubuntu 4.10), or 4.16-1ubuntu11.1 (for
Ubuntu 5.04). After a standard system upgrade you need to restart your
session to effect the necessary changes.
Details follow:
In some cases, xscreensaver did not properly grab the keyboard when
reading the password for unlocking the screen, so that the password
was typed into the currently active application window.
The only known vulnerable case was when xscreensaver activated while
an rdesktop session was currently active.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu3.1.diff.gz
Size/MD5: 529361 213c8f135c4571b7a7166f6dd9ad8c23
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu3.1.dsc
Size/MD5: 826 f0d1078ed40504e6127c7f89eca383ae
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16.orig.tar.gz
Size/MD5: 4211337 e715ca402fc1218a078d65b7e7922082
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreensaver-gnome_4.16-1ubuntu3.1_all.deb
Size/MD5: 2206 0b2607875557fe48ede97a5c587d478c
http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreensaver-nognome_4.16-1ubuntu3.1_all.deb
Size/MD5: 2210 62f2fc29169656b5bebd7df95dbab5b5
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu3.1_amd64.deb
Size/MD5: 2820564 173539848f930775f01b37c252c5ac97
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu3.1_amd64.deb
Size/MD5: 3818740 e128aac305d6e3b065fdaabc39324c49
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu3.1_i386.deb
Size/MD5: 2600412 88a5c98a3522ddcd90cf46fd71dbc617
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu3.1_i386.deb
Size/MD5: 3363300 c383a848568378155b02444edb23f2f8
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu3.1_powerpc.deb
Size/MD5: 2915204 0189383bd5605aad6bc992dc8679547a
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu3.1_powerpc.deb
Size/MD5: 4037264 d287b3216588e52f98adcd48f490e43a
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu11.1.diff.gz
Size/MD5: 547000 9989541afef980609228f502b80fe016
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu11.1.dsc
Size/MD5: 841 da2704fe834001ce529dc43cba5c8745
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16.orig.tar.gz
Size/MD5: 4211337 e715ca402fc1218a078d65b7e7922082
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreensaver-gnome_4.16-1ubuntu11.1_all.deb
Size/MD5: 2208 43dc3e2c1a2b8df84cdabb2c0c3d5d19
http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreensaver-nognome_4.16-1ubuntu11.1_all.deb
Size/MD5: 2212 7fa5d0f1e0b071ba304b48ced30f452d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu11.1_amd64.deb
Size/MD5: 2833530 f34243177312d26fb3d3e8793c5b62f9
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu11.1_amd64.deb
Size/MD5: 3489802 3c8ab6178e1e777c299ea05b30c56d83
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu11.1_i386.deb
Size/MD5: 2595466 1c88b8e9f4044df306923b6fbf836f15
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu11.1_i386.deb
Size/MD5: 2997488 0c893d4a7a0458e309029f8d5203dd04
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu11.1_powerpc.deb
Size/MD5: 2925960 df13450ced11ef1434bdd5b9ae3d8ea5
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu11.1_powerpc.deb
Size/MD5: 3706970 413be7444c4739c4e17cd2f4d00c741d
--UOYwgDhKKQYesrzQ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEO7F/DecnbV4Fd/IRAlbHAJ9pckidvh+wyYhAoqwP9gBTtYP8VACeJw7r
MJdeuMB9Lf4qiWYL0ua4Bas=
=PGvF
-----END PGP SIGNATURE-----
