GNOME screen lock ineffective in openSUSE Linux - Update
Source: H Security - Posted by Alex   
Host Security The screen lock of openSUSE 11.2 can be bypassed by the simplest of means. A reader's report prompted The H's associates at heise Security to investigate. Tests confirmed that a locked desktop session can be unlocked without password by holding down the return key. This causes the GNOME screen saver to crash and unlock the desktop after only a few seconds. The gnome-screensaver-2.28.0-2.3 package is affected in the standard repositories, but older packages could potentially also contain the flaw. In other GNOME 2.28-based Linux distributions such as Ubuntu and Fedora the screen lock mechanism works perfectly. The SUSE Enterprise versions are unlikely to be affected by the problem because they are still based on openSUSE 11.1.

The servers for future updates already offer version 2.28.0-2.4.1 of the GNOME screen saver. Those who depend on the screen lock to prevent others from obtaining unauthorised desktop access are advised to update to the new version. The address of the test update repository is http://download.opensuse.org/update/11.2-test/. The new package can also be downloaded manually (for i586 and x86_64 direct downloads) and installed on the command line via rpm -Uhv .rpm. SUSE has yet to clarify when the update will be transferred to the regular update repositories.

Read this full article at H Security

Only registered users can write comments.
Please login or register.

Powered by AkoComment!