Bug 1274452
Summary: | Xscreensaver lock bypass | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jean-Christophe Baptiste <jc> |
Component: | xscreensaver | Assignee: | Mamoru TASAKA <mtasaka> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 22 | CC: | carnil, cheese, jc, mtasaka |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | xscreensaver-5.34-1.fc22 | Doc Type: | Release Note |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-05 23:24:20 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1276355, 1276592 |
Description
Jean-Christophe Baptiste
2015-10-22 18:27:59 UTC
I cannot reproduce this issue. * Would you result the result of $ rpm -qa | sort ? * Would you attach the result of $ xrandr before and after you unplug the HDMI cable? * Would you attach /var/log/Xorg.0.log ? * Would you attach the result of gdb backtrace? Note that "xscreensaver segfaults" does not immediately mean that xscreensaver is the culprit. I cannot reproduce the issue all the time, and sometimes it simply crashes freezing all Xorg, so I have to hard reboot. So I am having hard time catching the backtrace. Now I have to get my machine back to work and secure, so I am falling back to slock. Not sure I can help much for now and for security reasons I cannot not send you all the info you request. Can you narrow it down (packages, errors, etc.)? A common point with the guy that reported the bug first on Twitter seems to be that we are on Intel graphics. Please note that he did post a gdb screenshot showing a NULL pointer reference on a cmp instruction. He may be able to help you more with the full backtrace and more details. The upstream developer and me already tracked down the cause and hopefully the upstream release the new version. xscreensaver-5.33-5.respin1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-19b2b73dc5 xscreensaver-5.33-5.respin1.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-0d0df8d770 xscreensaver-5.33-5.respin1.fc21 has been submitted as an update to Fedora 21. https://bodhi.fedoraproject.org/updates/FEDORA-2015-adfd729dbc xscreensaver 5.34 is released, which should address this issue (Fedora 5.33-5 includes the fix by the upstream) xscreensaver-5.34-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update xscreensaver' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-19b2b73dc5 xscreensaver-5.34-1.fc21 has been pushed to the Fedora 21 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update xscreensaver' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-adfd729dbc xscreensaver-5.34-1.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update xscreensaver' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-0d0df8d770 http://www.openwall.com/lists/oss-security/2015/10/29/12 CVE-2015-8025 is now assigned. *** Bug 1276357 has been marked as a duplicate of this bug. *** xscreensaver-5.34-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. xscreensaver-5.34-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. xscreensaver-5.34-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |