Security Advisory Important: xscreensaver security update

Advisory: RHSA-2007:0322-4
Type: Security Advisory
Severity: Moderate
Issued on: 2007-05-02
Last updated on: 2007-05-02
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2007-1859

Details

An updated xscreensaver package that fixes a security flaw is now
available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

XScreenSaver is a collection of screensavers.

Alex Yamauchi discovered a flaw in the way XScreenSaver verifies user
passwords. When a system uses a remote directory service for login
credentials, a local attacker may be able to cause a network outage that
makes XScreenSaver crash, unlocking the screen. (CVE-2007-1859)

Users of XScreenSaver should upgrade to this updated package, which
contains a backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
xscreensaver-4.10-21.el3.src.rpm     MD5: a220a11b582081c9cafd1f0e235296a8
 
IA-32:
xscreensaver-4.10-21.el3.i386.rpm     MD5: 56b75d892fefa3c2be32f174d89f5afe
 
x86_64:
xscreensaver-4.10-21.el3.x86_64.rpm     MD5: 2e8945b59e3fa57d91b17d8901a2d2b3
 
Red Hat Desktop (v. 4)

SRPMS:
xscreensaver-4.18-5.rhel4.14.src.rpm     MD5: 428684b85a28e52cc022bacc09b4b338
 
IA-32:
xscreensaver-4.18-5.rhel4.14.i386.rpm     MD5: bced2ed92fa640bf57122b25d53b0d68
 
x86_64:
xscreensaver-4.18-5.rhel4.14.x86_64.rpm     MD5: 84443b21b382b568d96386c94b185df8
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
xscreensaver-3.33-4.rhel21.5.src.rpm     MD5: 8a6adffc86a33ea016d56fec422749c4
 
IA-32:
xscreensaver-3.33-4.rhel21.5.i386.rpm     MD5: 1305dcb9528278bb67d6815bede83175
 
IA-64:
xscreensaver-3.33-4.rhel21.5.ia64.rpm     MD5: c2c49fdc9a8177b611594174e8aee896
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
xscreensaver-4.10-21.el3.src.rpm     MD5: a220a11b582081c9cafd1f0e235296a8
 
IA-32:
xscreensaver-4.10-21.el3.i386.rpm     MD5: 56b75d892fefa3c2be32f174d89f5afe
 
IA-64:
xscreensaver-4.10-21.el3.ia64.rpm     MD5: 09673d8d04b1d463b5ec84b4c3168711
 
PPC:
xscreensaver-4.10-21.el3.ppc.rpm     MD5: 2b0de920c2f5a3ab1de6a94f6fe77d81
 
s390:
xscreensaver-4.10-21.el3.s390.rpm     MD5: 8ebf220e235b40e03978b68e47849f20
 
s390x:
xscreensaver-4.10-21.el3.s390x.rpm     MD5: 1c1fabdd8d673682f837531696e6b5d9
 
x86_64:
xscreensaver-4.10-21.el3.x86_64.rpm     MD5: 2e8945b59e3fa57d91b17d8901a2d2b3
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
xscreensaver-4.18-5.rhel4.14.src.rpm     MD5: 428684b85a28e52cc022bacc09b4b338
 
IA-32:
xscreensaver-4.18-5.rhel4.14.i386.rpm     MD5: bced2ed92fa640bf57122b25d53b0d68
 
IA-64:
xscreensaver-4.18-5.rhel4.14.ia64.rpm     MD5: dc05e1da2ec2036d9484cc6942e1a4c0
 
PPC:
xscreensaver-4.18-5.rhel4.14.ppc.rpm     MD5: a8a612bd4246cb5154ea5ebc3ca7c97c
 
s390:
xscreensaver-4.18-5.rhel4.14.s390.rpm     MD5: 504bb00f11b25c989c686cfd3e7c7bea
 
s390x:
xscreensaver-4.18-5.rhel4.14.s390x.rpm     MD5: e81fab0d8e34bcd3665deb525b7177d4
 
x86_64:
xscreensaver-4.18-5.rhel4.14.x86_64.rpm     MD5: 84443b21b382b568d96386c94b185df8
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
xscreensaver-4.18-5.rhel4.14.src.rpm     MD5: 428684b85a28e52cc022bacc09b4b338
 
IA-32:
xscreensaver-4.18-5.rhel4.14.i386.rpm     MD5: bced2ed92fa640bf57122b25d53b0d68
 
IA-64:
xscreensaver-4.18-5.rhel4.14.ia64.rpm     MD5: dc05e1da2ec2036d9484cc6942e1a4c0
 
PPC:
xscreensaver-4.18-5.rhel4.14.ppc.rpm     MD5: a8a612bd4246cb5154ea5ebc3ca7c97c
 
s390:
xscreensaver-4.18-5.rhel4.14.s390.rpm     MD5: 504bb00f11b25c989c686cfd3e7c7bea
 
s390x:
xscreensaver-4.18-5.rhel4.14.s390x.rpm     MD5: e81fab0d8e34bcd3665deb525b7177d4
 
x86_64:
xscreensaver-4.18-5.rhel4.14.x86_64.rpm     MD5: 84443b21b382b568d96386c94b185df8
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
xscreensaver-3.33-4.rhel21.5.src.rpm     MD5: 8a6adffc86a33ea016d56fec422749c4
 
IA-32:
xscreensaver-3.33-4.rhel21.5.i386.rpm     MD5: 1305dcb9528278bb67d6815bede83175
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
xscreensaver-4.10-21.el3.src.rpm     MD5: a220a11b582081c9cafd1f0e235296a8
 
IA-32:
xscreensaver-4.10-21.el3.i386.rpm     MD5: 56b75d892fefa3c2be32f174d89f5afe
 
IA-64:
xscreensaver-4.10-21.el3.ia64.rpm     MD5: 09673d8d04b1d463b5ec84b4c3168711
 
x86_64:
xscreensaver-4.10-21.el3.x86_64.rpm     MD5: 2e8945b59e3fa57d91b17d8901a2d2b3
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
xscreensaver-4.18-5.rhel4.14.src.rpm     MD5: 428684b85a28e52cc022bacc09b4b338
 
IA-32:
xscreensaver-4.18-5.rhel4.14.i386.rpm     MD5: bced2ed92fa640bf57122b25d53b0d68
 
IA-64:
xscreensaver-4.18-5.rhel4.14.ia64.rpm     MD5: dc05e1da2ec2036d9484cc6942e1a4c0
 
x86_64:
xscreensaver-4.18-5.rhel4.14.x86_64.rpm     MD5: 84443b21b382b568d96386c94b185df8
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
xscreensaver-4.18-5.rhel4.14.src.rpm     MD5: 428684b85a28e52cc022bacc09b4b338
 
IA-32:
xscreensaver-4.18-5.rhel4.14.i386.rpm     MD5: bced2ed92fa640bf57122b25d53b0d68
 
IA-64:
xscreensaver-4.18-5.rhel4.14.ia64.rpm     MD5: dc05e1da2ec2036d9484cc6942e1a4c0
 
x86_64:
xscreensaver-4.18-5.rhel4.14.x86_64.rpm     MD5: 84443b21b382b568d96386c94b185df8
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
xscreensaver-3.33-4.rhel21.5.src.rpm     MD5: 8a6adffc86a33ea016d56fec422749c4
 
IA-32:
xscreensaver-3.33-4.rhel21.5.i386.rpm     MD5: 1305dcb9528278bb67d6815bede83175
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
xscreensaver-4.10-21.el3.src.rpm     MD5: a220a11b582081c9cafd1f0e235296a8
 
IA-32:
xscreensaver-4.10-21.el3.i386.rpm     MD5: 56b75d892fefa3c2be32f174d89f5afe
 
IA-64:
xscreensaver-4.10-21.el3.ia64.rpm     MD5: 09673d8d04b1d463b5ec84b4c3168711
 
x86_64:
xscreensaver-4.10-21.el3.x86_64.rpm     MD5: 2e8945b59e3fa57d91b17d8901a2d2b3
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
xscreensaver-4.18-5.rhel4.14.src.rpm     MD5: 428684b85a28e52cc022bacc09b4b338
 
IA-32:
xscreensaver-4.18-5.rhel4.14.i386.rpm     MD5: bced2ed92fa640bf57122b25d53b0d68
 
IA-64:
xscreensaver-4.18-5.rhel4.14.ia64.rpm     MD5: dc05e1da2ec2036d9484cc6942e1a4c0
 
x86_64:
xscreensaver-4.18-5.rhel4.14.x86_64.rpm     MD5: 84443b21b382b568d96386c94b185df8
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
xscreensaver-3.33-4.rhel21.5.src.rpm     MD5: 8a6adffc86a33ea016d56fec422749c4
 
IA-64:
xscreensaver-3.33-4.rhel21.5.ia64.rpm     MD5: c2c49fdc9a8177b611594174e8aee896
 
(The unlinked packages above are only available from the Red Hat Network)
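
A check for whether a host already carries the fixed build, using the version-release strings from the package list above (added example, not part of Red Hat's advisory). The comparison is a simplified form of rpm's segment-by-segment version ordering; the FIXED table keys, the function names and the sample hosts are assumptions made for the illustration, and package epochs are assumed equal.

```python
import re

# Fixed version-release per product line, taken from the advisory's package list.
# Keys are labels chosen for this example; "4" also covers the 4.5.z listings.
FIXED = {
    "2.1": "3.33-4.rhel21.5",
    "3": "4.10-21.el3",
    "4": "4.18-5.rhel4.14",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified rpm ordering of one version or release string (no '~'/'^')."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def is_patched(product, installed):
    """installed: output of rpm -q --qf '%{VERSION}-%{RELEASE}' xscreensaver."""
    fixed_ver, _, fixed_rel = FIXED[product].partition("-")
    ver, _, rel = installed.partition("-")
    return (rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)) >= 0


def unpatched(inventory):
    """Return the hosts whose xscreensaver build predates the fixed one."""
    return sorted(h for h, (prod, vr) in inventory.items()
                  if not is_patched(prod, vr))


if __name__ == "__main__":
    # Constructed inventory: host -> (product line, installed version-release).
    sample = {
        "ws-a": ("4", "4.18-5.rhel4.11"),
        "ws-b": ("4", "4.18-5.rhel4.14"),
        "ws-c": ("3", "4.10-20"),
        "ws-d": ("2.1", "3.33-4.rhel21.5"),
    }
    print(unpatched(sample))
```
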

Bugs fixed (see bugzilla for more information)

237003 - CVE-2007-1859 xscreensaver authentication bypass


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/