Package name
gnome-screensaver
Date
2010-02-17
Advisory ID
MDVSA-2010:040
Affected versions
2010.0 x86_64 , 2010.0 i586

Problem description

Multiple vulnerabilities has been discovered and corrected in
gnome-screensaver:

gnome-screensaver 2.28.0 does not resume adherence to its activation
settings after an inhibiting application becomes unavailable on the
session bus, which allows physically proximate attackers to access
an unattended workstation on which screen locking had been intended
(CVE-2009-4641).

gnome-screensaver before 2.28.2 allows physically proximate attackers
to bypass screen locking and access an unattended workstation by moving
the mouse position to an external monitor and then disconnecting that
monitor (CVE-2010-0414).

This update provides gnome-screensaver 2.28.3, which is not vulnerable
to these issues.

Updated packages

2010.0 x86_64

 87e478a0fbff7f916f2bddcf6de3e89a  2010.0/x86_64/gnome-screensaver-2.28.3-1.1mdv2010.0.x86_64.rpm 
 cf9bb84668b17fb497752472aa7be1fb  2010.0/SRPMS/gnome-screensaver-2.28.3-1.1mdv2010.0.src.rpm

2010.0 i586

 1d4b1a2c33e12fd99fb45415359cb308  2010.0/i586/gnome-screensaver-2.28.3-1.1mdv2010.0.i586.rpm 
 cf9bb84668b17fb497752472aa7be1fb  2010.0/SRPMS/gnome-screensaver-2.28.3-1.1mdv2010.0.src.rpm

References