Mageia alert MGASA-2012-0328 (xlockmore) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0328: xlockmore-5.32-1.1.mga1
 (1/core), xlockmore-5.38-2.1.mga2 (2/core) 
Date:
    	       Fri, 9 Nov 2012 00:34:39 +0100
Message-ID:
    	       <20121108233439.GA29306@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2012-0328
Date: 	November 9th, 2012
Affected releases: 	1, 2


Description:
Updated xlockmore packages fix security vulnerability:

A denial of service flaw was found in the way xlockmore, X screen lock
and screen saver, performed passing arguments to underlying localtime()
call, when the 'dclock' mode was used. An attacker could use this flaw
to potentially obtain unauthorized access to screen / graphical session,
previously locked by another user / victim (CVE-2012-4524)


Updated Packages:
Mageia 1:
xlockmore-5.32-1.1.mga1
xlockmore-gtk2-5.32-1.1.mga1

Mageia 2:
xlockmore-5.38-2.1.mga2
xlockmore-gtk2-5.38-2.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4524

http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=8008

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)