A security issue in XScreenSaver 5.45 was announced on June 5:
https://www.openwall.com/lists/oss-security/2021/06/05/1
See the other messages in the thread for discussion of how it was fixed.
CC: (none) => nicolas.salguero
Assigning this (not just CC) to NicolasS who maintains this SRPM.
Assignee: bugsquad => nicolas.salguero
CC: nicolas.salguero => (none)
Suggested advisory:
========================

The updated packages fix a security vulnerability:

An issue allowing to cause crash and locked screen bypass.

References:
https://www.openwall.com/lists/oss-security/2021/06/05/1
========================

Updated packages in 8/core/updates_testing:
========================
xscreensaver-extrusion-5.45-1.4.mga8
xscreensaver-common-5.45-1.4.mga8
xscreensaver-5.45-1.4.mga8
xscreensaver-base-5.45-1.4.mga8
xscreensaver-gl-5.45-1.4.mga8

from SRPM:
xscreensaver-5.45-1.4.mga8.src.rpm

Updated packages in 8/tainted/updates_testing:
========================
xscreensaver-matrix-5.45-1.4.mga8.tainted
xscreensaver-common-5.45-1.4.mga8.tainted
xscreensaver-extrusion-5.45-1.4.mga8.tainted
xscreensaver-5.45-1.4.mga8.tainted
xscreensaver-base-5.45-1.4.mga8.tainted
xscreensaver-gl-5.45-1.4.mga8.tainted

from SRPM:
xscreensaver-5.45-1.4.mga8.tainted.src.rpm
Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
MGA 8 LXQt

Updated with QA repo tool and :
xscreensaver-matrix-5.45-1.4.mga8.tainted
xscreensaver-common-5.45-1.4.mga8.tainted
xscreensaver-extrusion-5.45-1.4.mga8.tainted
xscreensaver-5.45-1.4.mga8.tainted
xscreensaver-base-5.45-1.4.mga8.tainted
xscreensaver-gl-5.45-1.4.mga8.tainted

No issues found after running Xscreensaver
CC: (none) => guillaume.royer
This has a CVE now: https://www.openwall.com/lists/oss-security/2021/06/11/1
Summary: xscreensaver new security issue allowing to cause crash and locked screen bypass => xscreensaver new security issue allowing to cause crash and locked screen bypass (CVE-2021-34557)
MGA8-64 Plasma on Lenovo B50
Installed first the "regular" version.
At CLI:
$ xscreensaver-demo
Does exactly what it is supposed to, shows window where to choose the options and runs an example.
$ xscreensaver-command
usage: xscreensaver-command -<option>

  This program provides external control of a running xscreensaver process.
  Version 5.45, copyright (c) 1991-2020 Jamie Zawinski <jwz@jwz.org>.

  The xscreensaver program is a daemon that runs in the background.
  You control a running xscreensaver process by sending it messages
  with this program, xscreensaver-command. See the man pages for
  details. These are the arguments understood by xscreensaver-command:

  -quiet Only print output if an error occurs.
etc ......
I will remove these and install the tainted.......
CC: (none) => herman.viaene
For tainted versions, same test as above, works OK. Side note: try the BSOD screensaver: scary......
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => ouaurelien
Keywords: (none) => advisory
CVE: (none) => CVE-2021-34557
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0278.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED