| Summary: | xscreensaver new security issue allowing to cause crash and locked screen bypass (CVE-2021-34557) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, guillaume.royer, herman.viaene, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | xscreensaver-5.45-1.1.mga8.src.rpm | CVE: | CVE-2021-34557 |
| Status comment: | |||
Description
David Walser
2021-06-06 20:05:03 CEST
David Walser
2021-06-06 20:05:12 CEST
CC: (none) => nicolas.salguero

Assigning this (not just CC) to NicolasS who maintains this SRPM.

Assignee: bugsquad => nicolas.salguero

Suggested advisory:
========================

The updated packages fix a security vulnerability:

An issue allowing to cause crash and locked screen bypass.

References:
https://www.openwall.com/lists/oss-security/2021/06/05/1
========================

Updated packages in 8/core/updates_testing:
========================
xscreensaver-extrusion-5.45-1.4.mga8
xscreensaver-common-5.45-1.4.mga8
xscreensaver-5.45-1.4.mga8
xscreensaver-base-5.45-1.4.mga8
xscreensaver-gl-5.45-1.4.mga8

from SRPM:
xscreensaver-5.45-1.4.mga8.src.rpm

Updated packages in 8/tainted/updates_testing:
========================
xscreensaver-matrix-5.45-1.4.mga8.tainted
xscreensaver-common-5.45-1.4.mga8.tainted
xscreensaver-extrusion-5.45-1.4.mga8.tainted
xscreensaver-5.45-1.4.mga8.tainted
xscreensaver-base-5.45-1.4.mga8.tainted
xscreensaver-gl-5.45-1.4.mga8.tainted

from SRPM:
xscreensaver-5.45-1.4.mga8.tainted.src.rpm

Assignee: nicolas.salguero => qa-bugs

MGA 8 LXQt

Updated with QA repo tool and :
xscreensaver-matrix-5.45-1.4.mga8.tainted
xscreensaver-common-5.45-1.4.mga8.tainted
xscreensaver-extrusion-5.45-1.4.mga8.tainted
xscreensaver-5.45-1.4.mga8.tainted
xscreensaver-base-5.45-1.4.mga8.tainted
xscreensaver-gl-5.45-1.4.mga8.tainted

No issues found after running Xscreensaver

CC: (none) => guillaume.royer

This has a CVE now:
https://www.openwall.com/lists/oss-security/2021/06/11/1

Summary: xscreensaver new security issue allowing to cause crash and locked screen bypass => xscreensaver new security issue allowing to cause crash and locked screen bypass (CVE-2021-34557)

MGA8-64 Plasma on Lenovo B50
Installed first the "regular" version.
At CLI:
$ xscreensaver-demo
Does exactly what it is supposed, shows window where to choose the options and runs an example.
$ xscreensaver-command
usage: xscreensaver-command -<option>
This program provides external control of a running xscreensaver process.
Version 5.45, copyright (c) 1991-2020 Jamie Zawinski <jwz@jwz.org>.
The xscreensaver program is a daemon that runs in the background.
You control a running xscreensaver process by sending it messages with this program, xscreensaver-command.
See the man pages for details.
These are the arguments understood by xscreensaver-command:
-quiet Only print output if an error occurs.
etc ......
I will remove these and install the tainted.......

CC: (none) => herman.viaene

For tainted versions, same test as above, works OK.
Side note: try the BSOD screensaver: scary......

Whiteboard: (none) => MGA8-64-OK

Validating. Advisory in Comment 2.

Keywords: (none) => validated_update

Aurelien Oudelet
2021-06-22 21:58:11 CEST
CC: (none) => ouaurelien

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0278.html

Status: ASSIGNED => RESOLVED