Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-537-2: Compiz vulnerability
Posted by Bob on: 11/02/2007 04:40 PM [ Print | 0 comment(s) ]
A new Compiz vulnerability update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-537-2 November 02, 2007
compiz vulnerability
CVE-2007-3920
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
compiz-core 1:0.6.0+git20071008-0ubuntu1.1
After a standard system upgrade you need to restart your session to affect
the necessary changes.
Details follow:
USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were
incomplete, and only reduced the scope of the vulnerability, without
fully solving it. This update fixes related problems in compiz.
Original advisory details:
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local attacker
could exploit this to bypass the user's locked screen saver.
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz_0.6.0+git20=
071008-0ubuntu1.1.diff.gz
Size/MD5: 29827 b2550efe55c1d8a18ad4e284a28ca899
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz_0.6.0+git20=
071008-0ubuntu1.1.dsc
Size/MD5: 1649 ab43c9b6f0e98efc838ef255845b31d2
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz_0.6.0+git20=
071008.orig.tar.gz
Size/MD5: 1761080 cf9ec6ee88b5a013dc45615623edd290
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz_0.6.0+git20=
071008-0ubuntu1.1_all.deb
Size/MD5: 31690 e2130dea26860c0cdd440b06cbe22b4b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-core_0.6.0+=
git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 201614 d38d37f17a435644c66b3bc2b67ba104
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-dev_0.6.0+g=
it20071008-0ubuntu1.1_amd64.deb
Size/MD5: 58896 13827f47ed327985c0110f3f67091fa2
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-gnome_0.6.0=
+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 176974 afbd3384a12ea27248c396658439dd84
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-plugins_0.6=
=2E0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 312020 85f424b01fbf6bf569c1afe10a2498be
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0-dev=
_0.6.0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 38016 43e78f6795a87b16284ea01f04573096
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0_0.6=
=2E0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 49518 6918b584bd2efbf2c4498de545df9d64
http://security.ubuntu.com/ubuntu/pool/universe/c/compiz/compiz-kde_0.6=
=2E0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 93440 c390c04d0287cf8d59214726dd7b6df4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-core_0.6.0+=
git20071008-0ubuntu1.1_i386.deb
Size/MD5: 190670 2c69c223dd7b01af92ba9d678b7d6989
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-dev_0.6.0+g=
it20071008-0ubuntu1.1_i386.deb
Size/MD5: 58894 5b030fbf593ae76b87db4df78736b204
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-gnome_0.6.0=
+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 171552 f5afdabd90ce1831e17dd459694bceaf
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-plugins_0.6=
=2E0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 280358 944e6ada5dd20be6606c12c51c24e115
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0-dev=
_0.6.0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 38026 36099c55061121c8fc191bb7bdc0cc8e
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0_0.6=
=2E0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 48524 c86d2f45c4180ca1f703f1602e0d99be
http://security.ubuntu.com/ubuntu/pool/universe/c/compiz/compiz-kde_0.6=
=2E0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 90958 7497eb8e31d7122098853257926f5c34
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-core_0.6.0+=
git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 203886 208e61976da728651b5d1b08270862e6
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-dev_0.6.0+g=
it20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 58902 47254a78f893dad736cedcceaa6f76a1
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-gnome_0.6.0=
+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 183612 39f85e66846c8957127a3cb4f78e18a0
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-plugins_0.6=
=2E0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 354288 de6eef139f5c20961492d24f885cb0c2
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0-dev=
_0.6.0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 38032 6c201be7b5ed09deaae4d23eaf1f5426
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0_0.6=
=2E0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 52486 3050c0a20a5f3cf12fdc975649990550
http://security.ubuntu.com/ubuntu/pool/universe/c/compiz/compiz-kde_0.6=
=2E0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 98442 6784da37baf410d28c115de33cab9530
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-core_0.6.0+=
git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 193342 edaa5df12a5f7a2e01ab55d5667091d7
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-dev_0.6.0+g=
it20071008-0ubuntu1.1_sparc.deb
Size/MD5: 58898 af66b1370f0a7cc427bfbd356a0ebbf3
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-gnome_0.6.0=
+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 174396 cda564a42b5b8112b174b76f6ef92997
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-plugins_0.6=
=2E0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 291648 dd15868aa72301182b2dbf80fde35ba8
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0-dev=
_0.6.0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 38028 cc1ba35b84bc29e8c4096ad50dace8e7
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0_0.6=
=2E0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 47442 d5ad12579bcd525751523d78d3b2497f
http://security.ubuntu.com/ubuntu/pool/universe/c/compiz/compiz-kde_0.6=
=2E0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 90678 f491b2bdc46acd486db7049c1e575673
--OJnKAutO47z+s2LZ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHK0NhH/9LqRcGPm0RAkRtAKCKc5TlE3sm65kLLNXKo36GlUtxkwCePCvI
EupRShiwLBDaRDnCs2TwR1A=
=D1pm
-----END PGP SIGNATURE-----
compiz vulnerability
CVE-2007-3920
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
compiz-core 1:0.6.0+git20071008-0ubuntu1.1
After a standard system upgrade you need to restart your session to affect
the necessary changes.
Details follow:
USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were
incomplete, and only reduced the scope of the vulnerability, without
fully solving it. This update fixes related problems in compiz.
Original advisory details:
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local attacker
could exploit this to bypass the user's locked screen saver.
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz_0.6.0+git20=
071008-0ubuntu1.1.diff.gz
Size/MD5: 29827 b2550efe55c1d8a18ad4e284a28ca899
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz_0.6.0+git20=
071008-0ubuntu1.1.dsc
Size/MD5: 1649 ab43c9b6f0e98efc838ef255845b31d2
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz_0.6.0+git20=
071008.orig.tar.gz
Size/MD5: 1761080 cf9ec6ee88b5a013dc45615623edd290
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz_0.6.0+git20=
071008-0ubuntu1.1_all.deb
Size/MD5: 31690 e2130dea26860c0cdd440b06cbe22b4b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-core_0.6.0+=
git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 201614 d38d37f17a435644c66b3bc2b67ba104
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-dev_0.6.0+g=
it20071008-0ubuntu1.1_amd64.deb
Size/MD5: 58896 13827f47ed327985c0110f3f67091fa2
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-gnome_0.6.0=
+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 176974 afbd3384a12ea27248c396658439dd84
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-plugins_0.6=
=2E0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 312020 85f424b01fbf6bf569c1afe10a2498be
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0-dev=
_0.6.0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 38016 43e78f6795a87b16284ea01f04573096
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0_0.6=
=2E0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 49518 6918b584bd2efbf2c4498de545df9d64
http://security.ubuntu.com/ubuntu/pool/universe/c/compiz/compiz-kde_0.6=
=2E0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 93440 c390c04d0287cf8d59214726dd7b6df4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-core_0.6.0+=
git20071008-0ubuntu1.1_i386.deb
Size/MD5: 190670 2c69c223dd7b01af92ba9d678b7d6989
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-dev_0.6.0+g=
it20071008-0ubuntu1.1_i386.deb
Size/MD5: 58894 5b030fbf593ae76b87db4df78736b204
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-gnome_0.6.0=
+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 171552 f5afdabd90ce1831e17dd459694bceaf
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-plugins_0.6=
=2E0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 280358 944e6ada5dd20be6606c12c51c24e115
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0-dev=
_0.6.0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 38026 36099c55061121c8fc191bb7bdc0cc8e
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0_0.6=
=2E0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 48524 c86d2f45c4180ca1f703f1602e0d99be
http://security.ubuntu.com/ubuntu/pool/universe/c/compiz/compiz-kde_0.6=
=2E0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 90958 7497eb8e31d7122098853257926f5c34
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-core_0.6.0+=
git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 203886 208e61976da728651b5d1b08270862e6
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-dev_0.6.0+g=
it20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 58902 47254a78f893dad736cedcceaa6f76a1
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-gnome_0.6.0=
+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 183612 39f85e66846c8957127a3cb4f78e18a0
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-plugins_0.6=
=2E0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 354288 de6eef139f5c20961492d24f885cb0c2
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0-dev=
_0.6.0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 38032 6c201be7b5ed09deaae4d23eaf1f5426
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0_0.6=
=2E0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 52486 3050c0a20a5f3cf12fdc975649990550
http://security.ubuntu.com/ubuntu/pool/universe/c/compiz/compiz-kde_0.6=
=2E0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 98442 6784da37baf410d28c115de33cab9530
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-core_0.6.0+=
git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 193342 edaa5df12a5f7a2e01ab55d5667091d7
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-dev_0.6.0+g=
it20071008-0ubuntu1.1_sparc.deb
Size/MD5: 58898 af66b1370f0a7cc427bfbd356a0ebbf3
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-gnome_0.6.0=
+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 174396 cda564a42b5b8112b174b76f6ef92997
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-plugins_0.6=
=2E0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 291648 dd15868aa72301182b2dbf80fde35ba8
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0-dev=
_0.6.0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 38028 cc1ba35b84bc29e8c4096ad50dace8e7
http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0_0.6=
=2E0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 47442 d5ad12579bcd525751523d78d3b2497f
http://security.ubuntu.com/ubuntu/pool/universe/c/compiz/compiz-kde_0.6=
=2E0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 90678 f491b2bdc46acd486db7049c1e575673
--OJnKAutO47z+s2LZ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHK0NhH/9LqRcGPm0RAkRtAKCKc5TlE3sm65kLLNXKo36GlUtxkwCePCvI
EupRShiwLBDaRDnCs2TwR1A=
=D1pm
-----END PGP SIGNATURE-----
