USN-866-1: gnome-screensaver vulnerability

7 December 2009

gnome-screensaver vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 9.10

Software Description

  • gnome-screensaver

Details

It was discovered that gnome-screensaver did not always re-enable itself after applications requested it to ignore idle timers. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
gnome-screensaver - 2.28.0-0ubuntu3.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart your session to effect the necessary changes.

References