openSUSE Security Update: lxsession security update
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2010:0426-1
Rating:             moderate
References:         #622083 #623192
Cross-References:   CVE-2010-2532
Affected Products:  openSUSE 11.3
______________________________________________________________________________

An update that solves one vulnerability and has one erratum is now available.

Description:

lxsession-logout did not properly lock the screen before suspending,
hibernating and switching between users, which could allow attackers with
physical access to take control of the system to obtain sensitive
information and/or execute arbitrary code in the context of the user who is
currently logged in (CVE-2010-2532).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.3:

  zypper in -t patch lxsession-2776

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 11.3 (i586 src x86_64):

  lxsession-0.4.4-3.1.1

References:

http://support.novell.com/security/cve/CVE-2010-2532.html
https://bugzilla.novell.com/622083
https://bugzilla.novell.com/623192