Lucene search

CentOS ProjectCESA-2007:0322-01

HistoryMay 03, 2007 - 11:03 p.m.

xscreensaver security update

2007-05-0323:03:02

CentOS Project

lists.centos.org

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

26.9%

JSON

CentOS Errata and Security Advisory CESA-2007:0322-01

XScreenSaver is a collection of screensavers.

Alex Yamauchi discovered a flaw in the way XScreenSaver verifies user
passwords. When a system is using a remote directory service for login
credentials, a local attacker may be able to cause a network outage causing
XScreenSaver to crash, unlocking the screen. (CVE-2007-1859)

Users of XScreenSaver should upgrade to this updated package, which
contains a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075880.html

Affected packages:
xscreensaver

OSVersionArchitecturePackageVersionFilename
CentOS2i386xscreensaver< 3.33-4.rhel21.5xscreensaver-3.33-4.rhel21.5.i386.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	2	i386	xscreensaver	< 3.33-4.rhel21.5	xscreensaver-3.33-4.rhel21.5.i386.rpm

References

steadfast.net/

www.ict.swin.edu.au/staff/jnewbigin

rhn.redhat.com/errata/rh21as-errata.html

twitter.com/centos

www.facebook.com/groups/centosproject/

www.linkedin.com/groups/22405

www.reddit.com/r/CentOS/

youtube.com/TheCentOSProject

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for CESA-2007:0322-01