MDVSA-2010:040
- Package name
- gnome-screensaver
- Date
- 2010-02-17
- Advisory ID
- MDVSA-2010:040
- Affected versions
- 2010.0 x86_64 , 2010.0 i586
Problem description
Multiple vulnerabilities has been discovered and corrected in
gnome-screensaver:
gnome-screensaver 2.28.0 does not resume adherence to its activation
settings after an inhibiting application becomes unavailable on the
session bus, which allows physically proximate attackers to access
an unattended workstation on which screen locking had been intended
(CVE-2009-4641).
gnome-screensaver before 2.28.2 allows physically proximate attackers
to bypass screen locking and access an unattended workstation by moving
the mouse position to an external monitor and then disconnecting that
monitor (CVE-2010-0414).
This update provides gnome-screensaver 2.28.3, which is not vulnerable
to these issues.
Updated packages
2010.0 x86_64
87e478a0fbff7f916f2bddcf6de3e89a 2010.0/x86_64/gnome-screensaver-2.28.3-1.1mdv2010.0.x86_64.rpm cf9bb84668b17fb497752472aa7be1fb 2010.0/SRPMS/gnome-screensaver-2.28.3-1.1mdv2010.0.src.rpm
2010.0 i586
1d4b1a2c33e12fd99fb45415359cb308 2010.0/i586/gnome-screensaver-2.28.3-1.1mdv2010.0.i586.rpm cf9bb84668b17fb497752472aa7be1fb 2010.0/SRPMS/gnome-screensaver-2.28.3-1.1mdv2010.0.src.rpm