|
|
|
|
Ubuntu update for gnome-screensaver and compiz
|
|
Secunia Advisory:
|
SA27381
|
|
|
Release Date:
|
2007-10-24
|
|
Last Update:
|
2007-11-05
|
|
Popularity:
|
5,801 views
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Ubuntu Linux 7.10
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
| | CVE reference: | CVE-2007-3920
|
|
Description:
Ubuntu has issued an update for gnome-screensaver and compiz. This fixes a security issue, which can be exploited by malicious people with physical access to a system to bypass certain security restrictions.
The security issue is caused due to the gnome-screensaver not correctly preventing Compiz from grabbing the input focus. This can be exploited to bypass and disable the screen locking feature via e.g. "alt+tab".
Successful exploitation requires that Compiz is used.
Solution:
Apply updated packages.
-- Ubuntu 7.10 --
Source archives:
http://security.ubuntu.com/ubuntu/poo...screensaver_2.20.0-0ubuntu4.2.diff.gz
Size/MD5: 22567 59f266ec6eb94b6a903e19b0ba0ddc0a
http://security.ubuntu.com/ubuntu/poo...ome-screensaver_2.20.0-0ubuntu4.2.dsc
Size/MD5: 1245 7a751fbd47821da72e6a980027a48011
http://security.ubuntu.com/ubuntu/poo.../gnome-screensaver_2.20.0.orig.tar.gz
Size/MD5: 2320018 db71d89c66fa3a96b3b276403b5bb723
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/poo...reensaver_2.20.0-0ubuntu4.2_amd64.deb
Size/MD5: 1587250 2fdaaea4518774413cc48137d5f71f70
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/poo...creensaver_2.20.0-0ubuntu4.2_i386.deb
Size/MD5: 1570186 93d6f27e6334ae4022234d3fd165ade9
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/poo...ensaver_2.20.0-0ubuntu4.2_powerpc.deb
Size/MD5: 1605514 edeb052d5d0ccaa97085fd69f6b4f25a
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/poo...reensaver_2.20.0-0ubuntu4.2_sparc.deb
Size/MD5: 1576650 9eaac4a063ae54792d052590c9bc4bc1
Source archives:
http://security.ubuntu.com/ubuntu/poo..._0.6.0+git20071008-0ubuntu1.1.diff.gz
Size/MD5: 29827 b2550efe55c1d8a18ad4e284a28ca899
http://security.ubuntu.com/ubuntu/poo...mpiz_0.6.0+git20071008-0ubuntu1.1.dsc
Size/MD5: 1649 ab43c9b6f0e98efc838ef255845b31d2
http://security.ubuntu.com/ubuntu/poo.../compiz_0.6.0+git20071008.orig.tar.gz
Size/MD5: 1761080 cf9ec6ee88b5a013dc45615623edd290
Architecture independent packages:
http://security.ubuntu.com/ubuntu/poo..._0.6.0+git20071008-0ubuntu1.1_all.deb
Size/MD5: 31690 e2130dea26860c0cdd440b06cbe22b4b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 201614 d38d37f17a435644c66b3bc2b67ba104
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 58896 13827f47ed327985c0110f3f67091fa2
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 176974 afbd3384a12ea27248c396658439dd84
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 312020 85f424b01fbf6bf569c1afe10a2498be
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 38016 43e78f6795a87b16284ea01f04573096
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 49518 6918b584bd2efbf2c4498de545df9d64
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_amd64.deb
Size/MD5: 93440 c390c04d0287cf8d59214726dd7b6df4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/poo...0.6.0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 190670 2c69c223dd7b01af92ba9d678b7d6989
http://security.ubuntu.com/ubuntu/poo...0.6.0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 58894 5b030fbf593ae76b87db4df78736b204
http://security.ubuntu.com/ubuntu/poo...0.6.0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 171552 f5afdabd90ce1831e17dd459694bceaf
http://security.ubuntu.com/ubuntu/poo...0.6.0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 280358 944e6ada5dd20be6606c12c51c24e115
http://security.ubuntu.com/ubuntu/poo...0.6.0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 38026 36099c55061121c8fc191bb7bdc0cc8e
http://security.ubuntu.com/ubuntu/poo...0.6.0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 48524 c86d2f45c4180ca1f703f1602e0d99be
http://security.ubuntu.com/ubuntu/poo...0.6.0+git20071008-0ubuntu1.1_i386.deb
Size/MD5: 90958 7497eb8e31d7122098853257926f5c34
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/poo....0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 203886 208e61976da728651b5d1b08270862e6
http://security.ubuntu.com/ubuntu/poo....0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 58902 47254a78f893dad736cedcceaa6f76a1
http://security.ubuntu.com/ubuntu/poo....0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 183612 39f85e66846c8957127a3cb4f78e18a0
http://security.ubuntu.com/ubuntu/poo....0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 354288 de6eef139f5c20961492d24f885cb0c2
http://security.ubuntu.com/ubuntu/poo....0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 38032 6c201be7b5ed09deaae4d23eaf1f5426
http://security.ubuntu.com/ubuntu/poo....0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 52486 3050c0a20a5f3cf12fdc975649990550
http://security.ubuntu.com/ubuntu/poo....0+git20071008-0ubuntu1.1_powerpc.deb
Size/MD5: 98442 6784da37baf410d28c115de33cab9530
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 193342 edaa5df12a5f7a2e01ab55d5667091d7
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 58898 af66b1370f0a7cc427bfbd356a0ebbf3
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 174396 cda564a42b5b8112b174b76f6ef92997
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 291648 dd15868aa72301182b2dbf80fde35ba8
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 38028 cc1ba35b84bc29e8c4096ad50dace8e7
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 47442 d5ad12579bcd525751523d78d3b2497f
http://security.ubuntu.com/ubuntu/poo....6.0+git20071008-0ubuntu1.1_sparc.deb
Size/MD5: 90678 f491b2bdc46acd486db7049c1e575673
Provided and/or discovered by:
Ubuntu credits Jens Askengren.
Changelog:
2007-11-05: Updated advisory with information about patched compiz packages. Added link to updated Ubuntu advisory.
Original Advisory:
https://lists.ubuntu.com/archives/ubu...ity-announce/2007-October/000616.html
https://lists.ubuntu.com/archives/ubu...ty-announce/2007-November/000618.html
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
Today
|
New advisories:
|
20 |
|
New vulnerabilities:
|
45 |
|
Updated advisories:
|
31 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
|
|
Send Feedback to Secunia
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
|
