Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:109 (gtk+2.0)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67438

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:109 (gtk+2.0)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to gtk+2.0
announced via advisory MDVSA-2010:109.

A vulnerability was discovered and fixed in gtk+2.0:

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver
before 2.28.1, performs implicit paints on windows of type
GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances
and consequently allows physically proximate attackers to bypass
screen locking and access an unattended workstation by pressing the
Enter key many times (CVE-2010-0732).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

This update fixes this issue.

Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:109

Risk factor : High

CVSS Score:
6.2

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0732
38211
http://www.securityfocus.com/bid/38211
39317
http://secunia.com/advisories/39317
MDVSA-2010:109
http://www.mandriva.com/security/advisories?name=MDVSA-2010:109
SUSE-SR:2010:008
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
[oss-security] 20100212 CVE Request: gnome-screensaver termination by pressing "Enter"
http://www.openwall.com/lists/oss-security/2010/02/12/1
[oss-security] 20100305 Re: CVE Request: gnome-screensaver termination by pressing "Enter"
http://www.openwall.com/lists/oss-security/2010/03/05/2
[oss-security] 20100316 Re: Re: CVE Request: gnome-screensaver termination by pressing "Enter"
http://www.openwall.com/lists/oss-security/2010/03/16/9
http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news
http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520
http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0
http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1
http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html
https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395
https://bugzilla.gnome.org/show_bug.cgi?id=598476
https://bugzilla.redhat.com/show_bug.cgi?id=565527

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67438
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:109 (gtk+2.0)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to gtk+2.0 announced via advisory MDVSA-2010:109. A vulnerability was discovered and fixed in gtk+2.0: gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times (CVE-2010-0732). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 This update fixes this issue. Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:109 Risk factor : High CVSS Score: 6.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0732 38211 http://www.securityfocus.com/bid/38211 39317 http://secunia.com/advisories/39317 MDVSA-2010:109 http://www.mandriva.com/security/advisories?name=MDVSA-2010:109 SUSE-SR:2010:008 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html [oss-security] 20100212 CVE Request: gnome-screensaver termination by pressing "Enter" http://www.openwall.com/lists/oss-security/2010/02/12/1 [oss-security] 20100305 Re: CVE Request: gnome-screensaver termination by pressing "Enter" http://www.openwall.com/lists/oss-security/2010/03/05/2 [oss-security] 20100316 Re: Re: CVE Request: gnome-screensaver termination by pressing "Enter" http://www.openwall.com/lists/oss-security/2010/03/16/9 http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520 http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0 http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1 http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395 https://bugzilla.gnome.org/show_bug.cgi?id=598476 https://bugzilla.redhat.com/show_bug.cgi?id=565527
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com