View Full Version : USN-537-2: Compiz vulnerability

November 2nd, 2007, 08:50 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-537-2 November 02, 2007 compiz vulnerability CVE-2007-3920 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: compiz-core 1:0.6.0+git20071008-0ubuntu1.1 After a standard system upgrade you need to restart your session to affect the necessary changes. Details follow: USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes related problems in compiz. Original advisory details: Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. A local attacker could exploit this to bypass the user's locked screen saver.

More... (http://www.ubuntu.com/usn/usn-537-2)