LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Compiz vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes related problems in compiz. Original advisory details: Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. A local attacker could exploit this to bypass the user's locked screen saver.
=========================================================== 
Ubuntu Security Notice USN-537-2          November 02, 2007
compiz vulnerability
CVE-2007-3920
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  compiz-core                     1:0.6.0+git20071008-0ubuntu1.1

After a standard system upgrade you need to restart your session to affect
the necessary changes.

Details follow:

USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were
incomplete, and only reduced the scope of the vulnerability, without
fully solving it. This update fixes related problems in compiz.

Original advisory details:

 Jens Askengren discovered that gnome-screensaver became confused when
 running under Compiz, and could lose keyboard lock focus. A local attacker
 could exploit this to bypass the user's locked screen saver.


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz_0.6.0+git20071008-0ubuntu1.1.diff.gz
      Size/MD5:    29827 b2550efe55c1d8a18ad4e284a28ca899
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz_0.6.0+git20071008-0ubuntu1.1.dsc
      Size/MD5:     1649 ab43c9b6f0e98efc838ef255845b31d2
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz_0.6.0+git20071008.orig.tar.gz
      Size/MD5:  1761080 cf9ec6ee88b5a013dc45615623edd290

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz_0.6.0+git20071008-0ubuntu1.1_all.deb
      Size/MD5:    31690 e2130dea26860c0cdd440b06cbe22b4b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-core_0.6.0+git20071008-0ubuntu1.1_amd64.deb
      Size/MD5:   201614 d38d37f17a435644c66b3bc2b67ba104
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-dev_0.6.0+git20071008-0ubuntu1.1_amd64.deb
      Size/MD5:    58896 13827f47ed327985c0110f3f67091fa2
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-gnome_0.6.0+git20071008-0ubuntu1.1_amd64.deb
      Size/MD5:   176974 afbd3384a12ea27248c396658439dd84
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-plugins_0.6.0+git20071008-0ubuntu1.1_amd64.deb
      Size/MD5:   312020 85f424b01fbf6bf569c1afe10a2498be
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0-dev_0.6.0+git20071008-0ubuntu1.1_amd64.deb
      Size/MD5:    38016 43e78f6795a87b16284ea01f04573096
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0_0.6.0+git20071008-0ubuntu1.1_amd64.deb
      Size/MD5:    49518 6918b584bd2efbf2c4498de545df9d64
    http://security.ubuntu.com/ubuntu/pool/universe/c/compiz/compiz-kde_0.6.0+git20071008-0ubuntu1.1_amd64.deb
      Size/MD5:    93440 c390c04d0287cf8d59214726dd7b6df4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-core_0.6.0+git20071008-0ubuntu1.1_i386.deb
      Size/MD5:   190670 2c69c223dd7b01af92ba9d678b7d6989
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-dev_0.6.0+git20071008-0ubuntu1.1_i386.deb
      Size/MD5:    58894 5b030fbf593ae76b87db4df78736b204
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-gnome_0.6.0+git20071008-0ubuntu1.1_i386.deb
      Size/MD5:   171552 f5afdabd90ce1831e17dd459694bceaf
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-plugins_0.6.0+git20071008-0ubuntu1.1_i386.deb
      Size/MD5:   280358 944e6ada5dd20be6606c12c51c24e115
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0-dev_0.6.0+git20071008-0ubuntu1.1_i386.deb
      Size/MD5:    38026 36099c55061121c8fc191bb7bdc0cc8e
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0_0.6.0+git20071008-0ubuntu1.1_i386.deb
      Size/MD5:    48524 c86d2f45c4180ca1f703f1602e0d99be
    http://security.ubuntu.com/ubuntu/pool/universe/c/compiz/compiz-kde_0.6.0+git20071008-0ubuntu1.1_i386.deb
      Size/MD5:    90958 7497eb8e31d7122098853257926f5c34

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-core_0.6.0+git20071008-0ubuntu1.1_powerpc.deb
      Size/MD5:   203886 208e61976da728651b5d1b08270862e6
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-dev_0.6.0+git20071008-0ubuntu1.1_powerpc.deb
      Size/MD5:    58902 47254a78f893dad736cedcceaa6f76a1
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-gnome_0.6.0+git20071008-0ubuntu1.1_powerpc.deb
      Size/MD5:   183612 39f85e66846c8957127a3cb4f78e18a0
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-plugins_0.6.0+git20071008-0ubuntu1.1_powerpc.deb
      Size/MD5:   354288 de6eef139f5c20961492d24f885cb0c2
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0-dev_0.6.0+git20071008-0ubuntu1.1_powerpc.deb
      Size/MD5:    38032 6c201be7b5ed09deaae4d23eaf1f5426
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0_0.6.0+git20071008-0ubuntu1.1_powerpc.deb
      Size/MD5:    52486 3050c0a20a5f3cf12fdc975649990550
    http://security.ubuntu.com/ubuntu/pool/universe/c/compiz/compiz-kde_0.6.0+git20071008-0ubuntu1.1_powerpc.deb
      Size/MD5:    98442 6784da37baf410d28c115de33cab9530

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-core_0.6.0+git20071008-0ubuntu1.1_sparc.deb
      Size/MD5:   193342 edaa5df12a5f7a2e01ab55d5667091d7
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-dev_0.6.0+git20071008-0ubuntu1.1_sparc.deb
      Size/MD5:    58898 af66b1370f0a7cc427bfbd356a0ebbf3
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-gnome_0.6.0+git20071008-0ubuntu1.1_sparc.deb
      Size/MD5:   174396 cda564a42b5b8112b174b76f6ef92997
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/compiz-plugins_0.6.0+git20071008-0ubuntu1.1_sparc.deb
      Size/MD5:   291648 dd15868aa72301182b2dbf80fde35ba8
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0-dev_0.6.0+git20071008-0ubuntu1.1_sparc.deb
      Size/MD5:    38028 cc1ba35b84bc29e8c4096ad50dace8e7
    http://security.ubuntu.com/ubuntu/pool/main/c/compiz/libdecoration0_0.6.0+git20071008-0ubuntu1.1_sparc.deb
      Size/MD5:    47442 d5ad12579bcd525751523d78d3b2497f
    http://security.ubuntu.com/ubuntu/pool/universe/c/compiz/compiz-kde_0.6.0+git20071008-0ubuntu1.1_sparc.deb
      Size/MD5:    90678 f491b2bdc46acd486db7049c1e575673


--OJnKAutO47z+s2LZ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHK0NhH/9LqRcGPm0RAkRtAKCKc5TlE3sm65kLLNXKo36GlUtxkwCePCvI
EupRShiwLBDaRDnCs2TwR1Apm
-----END PGP SIGNATURE-----

--OJnKAutO47z+s2LZ--


--==============V34382890758899664=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============V34382890758899664==--
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Heartbleed: Security experts reality-check the 3 most hysterical fears
Open source trounces proprietary software for code defects, Coverity analysis finds
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.