Red Hat Product Errata RHSA-2007:0322 - Security Advisory

Issued:: 2007-05-02
Updated:: 2007-05-02

RHSA-2007:0322 - Security Advisory

Overview
Updated Packages

Synopsis

Important: xscreensaver security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated xscreensaver package that fixes a security flaw is now
available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

XScreenSaver is a collection of screensavers.

Alex Yamauchi discovered a flaw in the way XScreenSaver verifies user
passwords. When a system is using a remote directory service for login
credentials, a local attacker may be able to cause a network outage causing
XScreenSaver to crash, unlocking the screen. (CVE-2007-1859)

Users of XScreenSaver should upgrade to this updated package, which
contains a backported patch to correct this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Workstation 2 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

BZ - 237003 - CVE-2007-1859 xscreensaver authentication bypass

CVEs

CVE-2007-1859

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
xscreensaver-4.18-5.rhel4.14.x86_64.rpm	SHA-256: feabada01b2f91cda1066f2e26decbc711071af49b1a7c11016793a30d7f99cb
xscreensaver-4.18-5.rhel4.14.x86_64.rpm	SHA-256: feabada01b2f91cda1066f2e26decbc711071af49b1a7c11016793a30d7f99cb
ia64
xscreensaver-4.18-5.rhel4.14.ia64.rpm	SHA-256: 36d74e537ea7c8c62a80f7defde4c20eb8c892a6313a7798616c77625fe64753
xscreensaver-4.18-5.rhel4.14.ia64.rpm	SHA-256: 36d74e537ea7c8c62a80f7defde4c20eb8c892a6313a7798616c77625fe64753
i386
xscreensaver-4.18-5.rhel4.14.i386.rpm	SHA-256: de38dba2f961d56cf77d2334dc21597ec0723ebca5a00f7a9bbd350a48a89bc2
xscreensaver-4.18-5.rhel4.14.i386.rpm	SHA-256: de38dba2f961d56cf77d2334dc21597ec0723ebca5a00f7a9bbd350a48a89bc2

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
x86_64
xscreensaver-4.18-5.rhel4.14.x86_64.rpm	SHA-256: feabada01b2f91cda1066f2e26decbc711071af49b1a7c11016793a30d7f99cb
xscreensaver-4.18-5.rhel4.14.x86_64.rpm	SHA-256: feabada01b2f91cda1066f2e26decbc711071af49b1a7c11016793a30d7f99cb
ia64
xscreensaver-4.18-5.rhel4.14.ia64.rpm	SHA-256: 36d74e537ea7c8c62a80f7defde4c20eb8c892a6313a7798616c77625fe64753
xscreensaver-4.18-5.rhel4.14.ia64.rpm	SHA-256: 36d74e537ea7c8c62a80f7defde4c20eb8c892a6313a7798616c77625fe64753
i386
xscreensaver-4.18-5.rhel4.14.i386.rpm	SHA-256: de38dba2f961d56cf77d2334dc21597ec0723ebca5a00f7a9bbd350a48a89bc2
xscreensaver-4.18-5.rhel4.14.i386.rpm	SHA-256: de38dba2f961d56cf77d2334dc21597ec0723ebca5a00f7a9bbd350a48a89bc2

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
xscreensaver-4.18-5.rhel4.14.x86_64.rpm	SHA-256: feabada01b2f91cda1066f2e26decbc711071af49b1a7c11016793a30d7f99cb
ia64
xscreensaver-4.18-5.rhel4.14.ia64.rpm	SHA-256: 36d74e537ea7c8c62a80f7defde4c20eb8c892a6313a7798616c77625fe64753
i386
xscreensaver-4.18-5.rhel4.14.i386.rpm	SHA-256: de38dba2f961d56cf77d2334dc21597ec0723ebca5a00f7a9bbd350a48a89bc2

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
xscreensaver-4.18-5.rhel4.14.x86_64.rpm	SHA-256: feabada01b2f91cda1066f2e26decbc711071af49b1a7c11016793a30d7f99cb
i386
xscreensaver-4.18-5.rhel4.14.i386.rpm	SHA-256: de38dba2f961d56cf77d2334dc21597ec0723ebca5a00f7a9bbd350a48a89bc2

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
xscreensaver-4.18-5.rhel4.14.s390x.rpm	SHA-256: 32d305af1692b5c3c6b9f6d21a191a920b731e55de20846acf4dccd78a02037d
s390
xscreensaver-4.18-5.rhel4.14.s390.rpm	SHA-256: c592ce5006454ddbf6dd2804138c73c8875af8f3bf241ba31ba3f703c2685886

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
s390x
xscreensaver-4.18-5.rhel4.14.s390x.rpm	SHA-256: 32d305af1692b5c3c6b9f6d21a191a920b731e55de20846acf4dccd78a02037d
s390
xscreensaver-4.18-5.rhel4.14.s390.rpm	SHA-256: c592ce5006454ddbf6dd2804138c73c8875af8f3bf241ba31ba3f703c2685886

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
xscreensaver-4.18-5.rhel4.14.ppc.rpm	SHA-256: 81a3d3fa72363cc16e2521354a6acc8a66f2c6decc7c6170cdf63d24700d135f

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
ppc
xscreensaver-4.18-5.rhel4.14.ppc.rpm	SHA-256: 81a3d3fa72363cc16e2521354a6acc8a66f2c6decc7c6170cdf63d24700d135f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.