openSUSE Security Update : gnome-screensaver (gnome-screensaver-1973)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

gnome-screensaver was updated to the stable release 2.28.3, fixing
various bugs and security issues.

Following security issues have been fixed: When resuming a system
gnome-screensaver does not lock external displays that got connected
while the system was suspended (CVE-2010-0285: CVSS v2 Base Score:
5.6).

Additionally another bug in gnome-screensaver was fixed that allowed
bypassing the unlock dialog by using a removable monitor.
(CVE-2010-0414: CVSS v2 Base Score: 6.2)

Pressing 'return' repeatedly caused a X error which terminated the
lock and so allowed local users to access the underlying session. (no
CVE yet)

CVE-2010-0422: gnome-screensaver can lose its keyboard grab when
locked, exposing the system to intrusion by adding and removing
monitors.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=550695

Solution :

Update the affected gnome-screensaver packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 44622 ()

Bugtraq ID:

CVE ID: CVE-2010-0285
CVE-2010-0414
CVE-2010-0422

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now