----------------------------------------------------------------------

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/

----------------------------------------------------------------------

TITLE:
Ubuntu update for gnome-screensaver

SECUNIA ADVISORY ID:
SA32691

VERIFY ADVISORY:
http://secunia.com/advisories/32691/

CRITICAL:
Not critical

IMPACT:
Security Bypass, Exposure of sensitive information

WHERE:
Local system

OPERATING SYSTEM:
Ubuntu Linux 6.06
http://secunia.com/advisories/product/10611/
Ubuntu Linux 7.10
http://secunia.com/advisories/product/16251/

DESCRIPTION:
Ubuntu has issued an update for gnome-screensaver. This fixes a
weakness and a security issue, which can be exploited by malicious
people with physical access to disclose potentially sensitive
information or bypass certain security restrictions.

For more information:
SA29595

SOLUTION:
Apply updated packages.

-- Ubuntu 6.06 LTS --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3-0ubuntu1.1.diff.gz
Size/MD5: 14632 858a17bd71cf1969f89c9f7248840e0b
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3-0ubuntu1.1.dsc
Size/MD5: 1515 100a66b14d50912bd73b49b6915d849b
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3.orig.tar.gz
Size/MD5: 2122211 9c95c9d0ad4c44a215546dd4b95992b0

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 1502090 d5bfdd6505afe949c6414fb01dab0bb9

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3-0ubuntu1.1_i386.deb
Size/MD5: 1483824 bcb42c8bb0a73fbc06c5a465a75fa299

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 1499086 d7e65422d70d2ff6405b0472f03b1c1f

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3-0ubuntu1.1_sparc.deb
Size/MD5: 1486326 bff6d9f48780721f2621a0c6895aa143

-- Ubuntu 7.10 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3.diff.gz
Size/MD5: 25605 044d070d183f0e073dc1ac81945b0cc5
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3.dsc
Size/MD5: 1695 472b10fdbd46177cbe20b58350265d64
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0.orig.tar.gz
Size/MD5: 2320018 db71d89c66fa3a96b3b276403b5bb723

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3_amd64.deb
Size/MD5: 1587388 6655526c8225d3b139eb36c1cbbf948a

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3_i386.deb
Size/MD5: 1570386 456e6a56f46efac8de675aa906bf70c2

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3_lpia.deb
Size/MD5: 1569166 c7f1ce8eeee0127cd557a78cf9591b36

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3_powerpc.deb
Size/MD5: 1606010 a65b33b3a95a7d23bcbdd5e894785852

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3_sparc.deb
Size/MD5: 1576698 1566098fa61738a75ecaf0c98886eac1

ORIGINAL ADVISORY:
USN-669-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-November/000776.html

OTHER REFERENCES:
SA29595:
http://secunia.com/advisories/29595/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------