United States : 
Unknown Browser
www.ltdw.net 
Articles Archive
Articles Archive
| [Security Announce] MDKSA-2006:071 - Updated xscreensaver packages fix clear-text password vulnerability |
 |
 |
 |
(0 Votes)| Écrit par Administrator |
| Jeudi, 13 Avril 2006 23:30 |
|
_______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:071 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xscreensaver Date : April 11, 2006 Affected: Corporate 3.0 _______________________________________________________________________ Problem Description: Rdesktop, with xscreensaver < 4.18, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. Updated xscreensaver packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2655 _______________________________________________________________________ Updated Packages: Corporate 3.0: 7fca69b43dc054e02d1e635558a2871f corporate/3.0/RPMS/xscreensaver-4.14-4.1.C30mdk.i586.rpm fcf51ed223e82ab32136b0ab40348300 corporate/3.0/RPMS/xscreensaver-extrusion-4.14-4.1.C30mdk.i586.rpm edfeccdb0f1406af612d97a7e0ee5a62 corporate/3.0/RPMS/xscreensaver-gl-4.14-4.1.C30mdk.i586.rpm d6c61c9ea67ee99f619c9abaa96ec133 corporate/3.0/SRPMS/xscreensaver-4.14-4.1.C30mdk.src.rpm Corporate 3.0/X86_64: a03034b99a097249c616935bc5e9706c x86_64/corporate/3.0/RPMS/xscreensaver-4.14-4.1.C30mdk.x86_64.rpm ca12d4e28f3db44a9018dbc19b8243e9 x86_64/corporate/3.0/RPMS/xscreensaver-extrusion-4.14-4.1.C30mdk.x86_64.rpm 1d7534873b19a4497e7f577c03585460 x86_64/corporate/3.0/RPMS/xscreensaver-gl-4.14-4.1.C30mdk.x86_64.rpm d6c61c9ea67ee99f619c9abaa96ec133 x86_64/corporate/3.0/SRPMS/xscreensaver-4.14-4.1.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ 
|
