|
|
| Problem Description |
A vulnerability was found in gnome-screensaver 2.20.0 that could
possibly allow a local user to read the clipboard contents and X
selection data for a locked session by using CTRL-V (CVE-2007-6389).
The updated packages have been patched to correct this issue.
| Updated Packages |
Mandriva Linux 2008.0
5d98cc0c0e53e330152467813ebc75d5 2008.0/i586/gnome-screensaver-2.20.0-2.2mdv2008.0.i586.rpm b9168aa13b1157d3d3e39e73d141aec6 2008.0/SRPMS/gnome-screensaver-2.20.0-2.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64
72c1d0b2290a5e325f53b7b69d98c9ef 2008.0/x86_64/gnome-screensaver-2.20.0-2.2mdv2008.0.x86_64.rpm b9168aa13b1157d3d3e39e73d141aec6 2008.0/SRPMS/gnome-screensaver-2.20.0-2.2mdv2008.0.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6389
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.