FS#28003 : [xorg-server] 1.11 - An Easy But Serious Screensaver Security Problem In X.Org

FS#28003 - [xorg-server] 1.11 - An Easy But Serious Screensaver Security Problem In X.Org

Attached to Project: Arch Linux
Opened by Daniel (8472) - Thursday, 19 January 2012, 18:27 GMT
Last edited by Ionut Biru (wonder) - Thursday, 19 January 2012, 18:59 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
Bypass screensaver/locker program on xorg 1.11 and up | An Easy But Serious Screensaver Security Problem In X.Org

Additional info:
* package version(s) - 1.11

Steps to reproduce:
http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up/

can you please verify it, at if confirmed, to disable it as mentioned in the 2nd URL?

This task depends upon

Closed by Ionut Biru (wonder)
Thursday, 19 January 2012, 18:59 GMT
Reason for closing: Duplicate
Additional comments about closing: ~~FS#27993~~

Comment by Erik Johnson (archtaku) - Thursday, 19 January 2012, 18:47 GMT

Confirmed in 1.11.3-1. Ctrl+Alt+* kills xscreensaver when screen is locked.

Comment by Erik Johnson (archtaku) - Thursday, 19 January 2012, 18:48 GMT

Workaround posted here: http://openwall.com/lists/oss-security/2012/01/19/7

Comment by Daniel (8472) - Thursday, 19 January 2012, 18:50 GMT

I'm aware of the workaround, but I presume it would be good to fix it in the Arch package himself if possible, and distribute it as 1.11.3-2

Comment by Erik Johnson (archtaku) - Thursday, 19 January 2012, 18:54 GMT

Well, duh.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#28003 - [xorg-server] 1.11 - An Easy But Serious Screensaver Security Problem In X.Org

Details

Loading...