USN-669-1: gnome-screensaver vulnerabilities
===========================================================
Ubuntu Security Notice USN-669-1 November 11, 2008
gnome-screensaver vulnerabilities CVE-2007-6389, CVE-2008-0887 ===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: gnome-screensaver 2.14.3-0ubuntu1.1 Ubuntu 7.10: gnome-screensaver 2.20.0-0ubuntu4.3 After a standard system upgrade you need to restart all user sessions on your computer to effect the necessary changes.
Details follow: It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V. (CVE-2007-6389) Alan Matsuoka discovered that gnome-screensaver did not properly handle network outages when using a remote authentication service. During a network interruption, or by disconnecting the network cable, a local attacker could gain access to locked sessions. (CVE-2008-0887)
Recent comments
9 weeks 5 days ago
9 weeks 6 days ago
10 weeks 5 days ago
11 weeks 2 days ago
11 weeks 6 days ago
12 weeks 2 hours ago
12 weeks 1 day ago
13 weeks 5 days ago
25 weeks 6 days ago
30 weeks 1 day ago