Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:040 (gnome-screensaver)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66922

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:040 (gnome-screensaver)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to gnome-screensaver
announced via advisory MDVSA-2010:040.

Multiple vulnerabilities has been discovered and corrected in
gnome-screensaver:

gnome-screensaver 2.28.0 does not resume adherence to its activation
settings after an inhibiting application becomes unavailable on the
session bus, which allows physically proximate attackers to access
an unattended workstation on which screen locking had been intended
(CVE-2009-4641).

gnome-screensaver before 2.28.2 allows physically proximate attackers
to bypass screen locking and access an unattended workstation by moving
the mouse position to an external monitor and then disconnecting that
monitor (CVE-2010-0414).

This update provides gnome-screensaver 2.28.3, which is not vulnerable
to these issues.

Affected: 2010.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:040

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4641
http://www.mandriva.com/security/advisories?name=MDVSA-2010:040
http://www.ubuntu.com/usn/USN-866-1
Common Vulnerability Exposure (CVE) ID: CVE-2010-0414
38149
http://www.securityfocus.com/bid/38149
38468
http://secunia.com/advisories/38468
38532
http://secunia.com/advisories/38532
38534
http://secunia.com/advisories/38534
62219
http://www.osvdb.org/62219
FEDORA-2010-1556
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034904.html
MDVSA-2010:040
USN-898-1
http://www.ubuntu.com/usn/USN-898-1
http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.2.news
http://git.gnome.org/browse/gnome-screensaver/commit/?id=a5f66339be6719c2b8fc478a1d5fc6545297d950
http://git.gnome.org/browse/gnome-screensaver/commit/?id=dcca89b7ab6e1220815af38da246434b2e13fd9f
https://bugzilla.gnome.org/show_bug.cgi?id=609337
https://bugzilla.redhat.com/show_bug.cgi?id=562217

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66922
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:040 (gnome-screensaver)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to gnome-screensaver announced via advisory MDVSA-2010:040. Multiple vulnerabilities has been discovered and corrected in gnome-screensaver: gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended (CVE-2009-4641). gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor (CVE-2010-0414). This update provides gnome-screensaver 2.28.3, which is not vulnerable to these issues. Affected: 2010.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:040 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4641 http://www.mandriva.com/security/advisories?name=MDVSA-2010:040 http://www.ubuntu.com/usn/USN-866-1 Common Vulnerability Exposure (CVE) ID: CVE-2010-0414 38149 http://www.securityfocus.com/bid/38149 38468 http://secunia.com/advisories/38468 38532 http://secunia.com/advisories/38532 38534 http://secunia.com/advisories/38534 62219 http://www.osvdb.org/62219 FEDORA-2010-1556 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034904.html MDVSA-2010:040 USN-898-1 http://www.ubuntu.com/usn/USN-898-1 http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.2.news http://git.gnome.org/browse/gnome-screensaver/commit/?id=a5f66339be6719c2b8fc478a1d5fc6545297d950 http://git.gnome.org/browse/gnome-screensaver/commit/?id=dcca89b7ab6e1220815af38da246434b2e13fd9f https://bugzilla.gnome.org/show_bug.cgi?id=609337 https://bugzilla.redhat.com/show_bug.cgi?id=562217
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com