Red Hat Product Errata RHSA-2008:0218 - Security Advisory

Issued:: 2008-05-21
Updated:: 2008-05-21

RHSA-2008:0218 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: gnome-screensaver security update

Type/Severity

Security Advisory: Moderate

Topic

An updated gnome-screensaver package that fixes a security flaw is now
available for Red Hat Enterprise Linux FasTrack 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

gnome-screensaver is the GNOME project's official screen saver program.

A flaw was found in the way gnome-screensaver verified user passwords. When
a system used a remote directory service for login credentials, a local
attacker able to cause a network outage could cause gnome-screensaver to
crash, unlocking the screen. (CVE-2008-0887)

Users of gnome-screensaver should upgrade to this updated package, which
contains a backported patch to correct this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 435773 - CVE-2008-0887 gnome-screensaver using NIS auth will unlock if NIS goes away

CVEs

CVE-2008-0887

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
gnome-screensaver-2.16.1-8.el5.src.rpm	SHA-256: 6516df61314015db63e561b37b59e92fc4fed69bfd29d51f61b51a928ff9816c
x86_64
gnome-screensaver-2.16.1-8.el5.x86_64.rpm	SHA-256: 2f96caf00de6d2bfd18099bd5048617cfe53df05ff484adfa4f927203b9515b3
ia64
gnome-screensaver-2.16.1-8.el5.ia64.rpm	SHA-256: bb01be5f341372200596e60a7d7e88d8b38935d595cddc1f1ac6cd2539e22209
i386
gnome-screensaver-2.16.1-8.el5.i386.rpm	SHA-256: 5cca1b1d292d74ed585614371d648b664d6019497fd675409ecc980d9e220447

Red Hat Enterprise Linux Workstation 5

SRPM
gnome-screensaver-2.16.1-8.el5.src.rpm	SHA-256: 6516df61314015db63e561b37b59e92fc4fed69bfd29d51f61b51a928ff9816c
x86_64
gnome-screensaver-2.16.1-8.el5.x86_64.rpm	SHA-256: 2f96caf00de6d2bfd18099bd5048617cfe53df05ff484adfa4f927203b9515b3
i386
gnome-screensaver-2.16.1-8.el5.i386.rpm	SHA-256: 5cca1b1d292d74ed585614371d648b664d6019497fd675409ecc980d9e220447

Red Hat Enterprise Linux Desktop 5

SRPM
gnome-screensaver-2.16.1-8.el5.src.rpm	SHA-256: 6516df61314015db63e561b37b59e92fc4fed69bfd29d51f61b51a928ff9816c
x86_64
gnome-screensaver-2.16.1-8.el5.x86_64.rpm	SHA-256: 2f96caf00de6d2bfd18099bd5048617cfe53df05ff484adfa4f927203b9515b3
i386
gnome-screensaver-2.16.1-8.el5.i386.rpm	SHA-256: 5cca1b1d292d74ed585614371d648b664d6019497fd675409ecc980d9e220447

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
gnome-screensaver-2.16.1-8.el5.src.rpm	SHA-256: 6516df61314015db63e561b37b59e92fc4fed69bfd29d51f61b51a928ff9816c
s390x
gnome-screensaver-2.16.1-8.el5.s390x.rpm	SHA-256: bd2cf86d6900e3a70be5f82e3677750abce45d15507236e2ddd9c3162ee33c0c

Red Hat Enterprise Linux for Power, big endian 5

SRPM
gnome-screensaver-2.16.1-8.el5.src.rpm	SHA-256: 6516df61314015db63e561b37b59e92fc4fed69bfd29d51f61b51a928ff9816c
ppc
gnome-screensaver-2.16.1-8.el5.ppc.rpm	SHA-256: d210156adc3eecd81be45f9d7f9c24f7a48efac8328512f6df31d06a355df77c

Red Hat Enterprise Linux Server from RHUI 5

SRPM
gnome-screensaver-2.16.1-8.el5.src.rpm	SHA-256: 6516df61314015db63e561b37b59e92fc4fed69bfd29d51f61b51a928ff9816c
x86_64
gnome-screensaver-2.16.1-8.el5.x86_64.rpm	SHA-256: 2f96caf00de6d2bfd18099bd5048617cfe53df05ff484adfa4f927203b9515b3
i386
gnome-screensaver-2.16.1-8.el5.i386.rpm	SHA-256: 5cca1b1d292d74ed585614371d648b664d6019497fd675409ecc980d9e220447

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories