|
|
| Problem Description |
A vulnerability was found in gnome-screensaver prior to 2.22.1
when a remote authentication server was enabled. During a network
outage, gnome-screensaver would crash upon an unlock attempt,
allowing physically local users to gain access to locked sessions
(CVE-2008-0887).
The updated packages have been patched to correct this issue.
| Updated Packages |
Mandriva Linux 2008.0
3d403fc224bbb02d74eaddba0048225b 2008.0/i586/gnome-screensaver-2.20.0-2.1mdv2008.0.i586.rpm 653c5654fcc4451f66eb165cad10bd17 2008.0/SRPMS/gnome-screensaver-2.20.0-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64
d29ba53d61c163fcd0d16bc012af5180 2008.0/x86_64/gnome-screensaver-2.20.0-2.1mdv2008.0.x86_64.rpm 653c5654fcc4451f66eb165cad10bd17 2008.0/SRPMS/gnome-screensaver-2.20.0-2.1mdv2008.0.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0887
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.