From martin.pitt@canonical.com Tue Apr 11 09:39:07 2006
From: Martin Pitt
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Date: Tue, 11 Apr 2006 15:39:11 +0200
Subject: [Full-disclosure] [USN-269-1] xscreensaver vulnerability

===========================================================
Ubuntu Security Notice USN-269-1             April 11, 2006
xscreensaver vulnerability
CVE-2004-2655
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

xscreensaver
xscreensaver-gl
xscreensaver-gnome
xscreensaver-nognome

The problem can be corrected by upgrading the affected package to
version 4.16-1ubuntu3.1 (for Ubuntu 4.10), or 4.16-1ubuntu11.1 (for
Ubuntu 5.04). After a standard system upgrade you need to restart your
session to effect the necessary changes.

Details follow:

In some cases, xscreensaver did not properly grab the keyboard when
reading the password for unlocking the screen, so that the password
was typed into the currently active application window.

The only known vulnerable case was when xscreensaver activated while
an rdesktop session was currently active.