USN-866-1: gnome-screensaver vulnerability

Ubuntu Security Notice USN-866-1

7th December, 2009

gnome-screensaver vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 9.10

Software description

  • gnome-screensaver

Details

It was discovered that gnome-screensaver did not always re-enable itself
after applications requested it to ignore idle timers. This may result in the
screen not being automatically locked after the inactivity timeout is
reached, permitting an attacker with physical access to gain access to an
unlocked session.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 9.10:
gnome-screensaver 2.28.0-0ubuntu3.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart your session to effect
the necessary changes.

References

CVE-2009-4641