openSUSE Security Update : gnome-screensaver (gnome-screensaver-1973)

Severity: High. Nessus Plugin ID: 44622


VPR Score: 6.7

Synopsis

The remote openSUSE host is missing a security update.

Description

gnome-screensaver was updated to the stable release 2.28.3, fixing various bugs and security issues.

The following security issues have been fixed: When resuming a system, gnome-screensaver did not lock external displays that were connected while the system was suspended (CVE-2010-0285: CVSS v2 Base Score: 5.6).

Additionally, another bug in gnome-screensaver was fixed that allowed bypassing the unlock dialog by using a removable monitor (CVE-2010-0414: CVSS v2 Base Score: 6.2).

Pressing 'return' repeatedly caused an X error which terminated the lock and so allowed local users to access the underlying session (no CVE yet).

CVE-2010-0422: gnome-screensaver can lose its keyboard grab when locked, exposing the system to intrusion by adding and removing monitors.

Solution

Update the affected gnome-screensaver packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=550695

Plugin Details

Severity: High

ID: 44622

File Name: suse_11_2_gnome-screensaver-100214.nasl

Version: 1.6

Type: local

Agent: unix

Published: 2010/02/16

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:gnome-screensaver, p-cpe:/a:novell:opensuse:gnome-screensaver-lang, cpe:/o:novell:opensuse:11.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2010/02/14

Reference Information

CVE: CVE-2010-0285, CVE-2010-0414, CVE-2010-0422