TITLE:
Ubuntu update for gnome-screensaver

SECUNIA ADVISORY ID:
SA27381

VERIFY ADVISORY:
http://secunia.com/advisories/27381/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
Local system

OPERATING SYSTEM:
Ubuntu Linux 7.10
http://secunia.com/product/16251/

DESCRIPTION:
Ubuntu has issued an update for gnome-screensaver. This fixes a
security issue, which can be exploited by malicious people with
physical access to a system to bypass certain security restrictions.

The security issue is caused by gnome-screensaver not correctly
preventing Compiz from grabbing the input focus. This can be
exploited to bypass and disable the screen locking feature, for
example via "alt+tab".

Successful exploitation requires that Compiz is used.

SOLUTION:
Apply updated packages.

-- Ubuntu 7.10 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.2.diff.gz
Size/MD5: 22567 59f266ec6eb94b6a903e19b0ba0ddc0a
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.2.dsc
Size/MD5: 1245 7a751fbd47821da72e6a980027a48011
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0.orig.tar.gz
Size/MD5: 2320018 db71d89c66fa3a96b3b276403b5bb723

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.2_amd64.deb
Size/MD5: 1587250 2fdaaea4518774413cc48137d5f71f70

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.2_i386.deb
Size/MD5: 1570186 93d6f27e6334ae4022234d3fd165ade9

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.2_powerpc.deb
Size/MD5: 1605514 edeb052d5d0ccaa97085fd69f6b4f25a

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.2_sparc.deb
Size/MD5: 1576650 9eaac4a063ae54792d052590c9bc4bc1

PROVIDED AND/OR DISCOVERED BY:
Ubuntu credits Jens Askengren.

ORIGINAL ADVISORY:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-October/000616.html

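ADDED EXAMPLE:
The script below is an added example, not part of the Secunia or Ubuntu advisory. It parses the "Size/MD5" entries of the package list and checks downloaded files against them; the function names are assumptions made for this example. The advisory's MD5 values catch a truncated or corrupted download, but MD5 is not collision resistant and does not replace the signed APT archive metadata.

```python
import hashlib
import os
import re
import sys
from typing import NamedTuple

# One package-list entry: "<url> Size/MD5: <bytes> <32 hex digits>".
ENTRY_RE = re.compile(r"(https?://\S+)\s+Size/MD5:\s+(\d+)\s+([0-9a-f]{32})\b")

# Two entries copied from the advisory's package list, used as sample input.
SAMPLE = """
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.2.dsc
  Size/MD5: 1245 7a751fbd47821da72e6a980027a48011
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.2_amd64.deb
  Size/MD5: 1587250 2fdaaea4518774413cc48137d5f71f70
"""

class Entry(NamedTuple):
    url: str
    size: int
    md5: str

def parse_entries(text):
    """Map each listed file name to its Entry (URL, size in bytes, MD5)."""
    return {url.rsplit("/", 1)[1]: Entry(url, int(size), md5)
            for url, size, md5 in ENTRY_RE.findall(text)}

def verify_file(path, entry):
    """Return 'ok', 'size-mismatch' or 'md5-mismatch' for a local file."""
    if os.path.getsize(path) != entry.size:
        return "size-mismatch"  # cheap check first, no hashing needed
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return "ok" if digest.hexdigest() == entry.md5 else "md5-mismatch"

def verify_directory(text, directory):
    """Check every listed file; files not present are reported as 'missing'."""
    results = {}
    for name, entry in parse_entries(text).items():
        path = os.path.join(directory, name)
        results[name] = verify_file(path, entry) if os.path.isfile(path) else "missing"
    return results

if __name__ == "__main__":
    # Usage: python verify.py [advisory.txt] [download-dir]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, status in verify_directory(text, sys.argv[2] if len(sys.argv) > 2 else ".").items():
        print(f"{status:14} {name}")
```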