Issued:: 2008-04-02
Updated:: 2008-04-02

RHSA-2008:0197 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: gnome-screensaver security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated gnome-screensaver package that fixes a security flaw is now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

gnome-screensaver is the GNOME project's official screen saver program.

A flaw was found in the way gnome-screensaver verified user passwords. When
a system used a remote directory service for login credentials, a local
attacker able to cause a network outage could cause gnome-screensaver to
crash, unlocking the screen. (CVE-2008-0887)

Users of gnome-screensaver should upgrade to this updated package, which
contains a backported patch to correct this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 435773 - CVE-2008-0887 gnome-screensaver using NIS auth will unlock if NIS goes away

CVEs

CVE-2008-0887

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
gnome-screensaver-2.16.1-5.el5_1.1.src.rpm	SHA-256: 360d2a5309df465ca8cb57676497055625f3aeda020156d42c7b8cedca3cb47d
x86_64
gnome-screensaver-2.16.1-5.el5_1.1.x86_64.rpm	SHA-256: 92b0f55c5e8ab0fb7a2bb9b99a7046a2dd4d9e366f70f1f3a037c33374063481
ia64
gnome-screensaver-2.16.1-5.el5_1.1.ia64.rpm	SHA-256: 5fa5ec684e7946103cf2c76341c5c31b17c8098be6044cf06b43577245900645
i386
gnome-screensaver-2.16.1-5.el5_1.1.i386.rpm	SHA-256: 6c798300f1c71810eccde756f467a3441b4716e498a270f289e11a107418867c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
gnome-screensaver-2.16.1-5.el5_1.1.src.rpm	SHA-256: 360d2a5309df465ca8cb57676497055625f3aeda020156d42c7b8cedca3cb47d
x86_64
gnome-screensaver-2.16.1-5.el5_1.1.x86_64.rpm	SHA-256: 92b0f55c5e8ab0fb7a2bb9b99a7046a2dd4d9e366f70f1f3a037c33374063481
i386
gnome-screensaver-2.16.1-5.el5_1.1.i386.rpm	SHA-256: 6c798300f1c71810eccde756f467a3441b4716e498a270f289e11a107418867c

Red Hat Enterprise Linux Desktop 5

SRPM
gnome-screensaver-2.16.1-5.el5_1.1.src.rpm	SHA-256: 360d2a5309df465ca8cb57676497055625f3aeda020156d42c7b8cedca3cb47d
x86_64
gnome-screensaver-2.16.1-5.el5_1.1.x86_64.rpm	SHA-256: 92b0f55c5e8ab0fb7a2bb9b99a7046a2dd4d9e366f70f1f3a037c33374063481
i386
gnome-screensaver-2.16.1-5.el5_1.1.i386.rpm	SHA-256: 6c798300f1c71810eccde756f467a3441b4716e498a270f289e11a107418867c

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
gnome-screensaver-2.16.1-5.el5_1.1.src.rpm	SHA-256: 360d2a5309df465ca8cb57676497055625f3aeda020156d42c7b8cedca3cb47d
s390x
gnome-screensaver-2.16.1-5.el5_1.1.s390x.rpm	SHA-256: c3f8dde9ed3f02564f0eb12811e91d1960ed602a2c02eab2bf31c2a771b86b33

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
gnome-screensaver-2.16.1-5.el5_1.1.src.rpm	SHA-256: 360d2a5309df465ca8cb57676497055625f3aeda020156d42c7b8cedca3cb47d
ppc
gnome-screensaver-2.16.1-5.el5_1.1.ppc.rpm	SHA-256: 82c5665696fe3b38cbb1d1b66b7d7c33bc56227d5fd4267238c35ed76978688e

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1

SRPM
ppc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
gnome-screensaver-2.16.1-5.el5_1.1.src.rpm	SHA-256: 360d2a5309df465ca8cb57676497055625f3aeda020156d42c7b8cedca3cb47d
x86_64
gnome-screensaver-2.16.1-5.el5_1.1.x86_64.rpm	SHA-256: 92b0f55c5e8ab0fb7a2bb9b99a7046a2dd4d9e366f70f1f3a037c33374063481
i386
gnome-screensaver-2.16.1-5.el5_1.1.i386.rpm	SHA-256: 6c798300f1c71810eccde756f467a3441b4716e498a270f289e11a107418867c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation