Bug 29086 - xscreensaver new security issue allowing to cause crash and locked screen bypass (CVE-2021-34557)
Status: ASSIGNED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal, Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
 
Reported: 2021-06-06 20:05 CEST by David Walser
Modified: 2021-06-13 23:36 CEST

Source RPM: xscreensaver-5.45-1.1.mga8.src.rpm

Description David Walser 2021-06-06 20:05:03 CEST
A security issue in XScreenSaver 5.45 has been announced on June 5:
https://www.openwall.com/lists/oss-security/2021/06/05/1

See the other messages in the thread for discussion of how it was fixed.
David Walser 2021-06-06 20:05:12 CEST

CC: (none) => nicolas.salguero

Comment 1 Lewis Smith 2021-06-06 20:23:59 CEST
Assigning this (not just CC) to NicolasS who maintains this SRPM.

Assignee: bugsquad => nicolas.salguero
CC: nicolas.salguero => (none)

Comment 2 Nicolas Salguero 2021-06-07 14:40:39 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability:

An issue allowing to cause crash and locked screen bypass.

References:
https://www.openwall.com/lists/oss-security/2021/06/05/1
========================

Updated packages in 8/core/updates_testing:
========================
xscreensaver-extrusion-5.45-1.4.mga8
xscreensaver-common-5.45-1.4.mga8
xscreensaver-5.45-1.4.mga8
xscreensaver-base-5.45-1.4.mga8
xscreensaver-gl-5.45-1.4.mga8

from SRPM:
xscreensaver-5.45-1.4.mga8.src.rpm

Updated packages in 8/tainted/updates_testing:
========================
xscreensaver-matrix-5.45-1.4.mga8.tainted
xscreensaver-common-5.45-1.4.mga8.tainted
xscreensaver-extrusion-5.45-1.4.mga8.tainted
xscreensaver-5.45-1.4.mga8.tainted
xscreensaver-base-5.45-1.4.mga8.tainted
xscreensaver-gl-5.45-1.4.mga8.tainted

from SRPM:
xscreensaver-5.45-1.4.mga8.tainted.src.rpm

Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED

Comment 3 Guillaume Royer 2021-06-12 14:59:43 CEST
MGA 8 LXQt 

Updated with QA repo tool and:

xscreensaver-matrix-5.45-1.4.mga8.tainted
xscreensaver-common-5.45-1.4.mga8.tainted
xscreensaver-extrusion-5.45-1.4.mga8.tainted
xscreensaver-5.45-1.4.mga8.tainted
xscreensaver-base-5.45-1.4.mga8.tainted
xscreensaver-gl-5.45-1.4.mga8.tainted

No issues found after running Xscreensaver.

CC: (none) => guillaume.royer

Comment 4 David Walser 2021-06-13 23:36:53 CEST
This has a CVE now:
https://www.openwall.com/lists/oss-security/2021/06/11/1

Summary: xscreensaver new security issue allowing to cause crash and locked screen bypass => xscreensaver new security issue allowing to cause crash and locked screen bypass (CVE-2021-34557)

