Mailinglist Archive: opensuse-updates (57 mails)

< Previous Next >
openSUSE-SU-2010:0426-1 (moderate): lxsession security update
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Fri, 23 Jul 2010 17:08:12 +0200 (CEST)
  • Message-id: <20100723150812.91E61BE29@xxxxxxxxxxxxxx>
openSUSE Security Update: lxsession security update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:0426-1
Rating: moderate
References: #622083 #623192
Cross-References: CVE-2010-2532
Affected Products:
openSUSE 11.3
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

lxsession-logout did not properly lock the screen before
suspending, hibernating and switching between users which
could allow attackers with physical access to take control
of the system to obtain sensitive information and / or
execute arbitrary code in the context of the user who is
currently logged in (CVE-2010-2532).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.3:

zypper in -t patch lxsession-2776

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.3 (i586 src x86_64):

lxsession-0.4.4-3.1.1


References:

http://support.novell.com/security/cve/CVE-2010-2532.html
https://bugzilla.novell.com/622083
https://bugzilla.novell.com/623192


< Previous Next >
This Thread
  • No further messages