Bug 703483 (CVE-2011-2187)
Summary: | CVE-2011-2187 xscreensaver: exits when activated (DPMSForceLevel) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Henrique Martins <fedora> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | jlieskov, mtasaka |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | xscreensaver-5.13-3.fc15 | Doc Type: | Bug Fix |
Last Closed: | 2011-05-13 23:13:21 UTC | Type: | --- |
Description
Henrique Martins
2011-05-10 13:47:26 UTC
Sorry cut & pasted version from VNC didn't work! Actual version-release number is: xscreensaver-5.13-1.fc14 both i686 and x86_64

Does not seem to be reproducible with me (although I am using F-15). Would you do the following? Thank you.

- Attach /etc/X11/xorg.conf (if any), and /var/log/Xorg.0.log
- Attach ~/.xscreensaver
- Once kill xscreensaver with
  $ xscreensaver-command -exit
  , and attach the output of
  $ xscreensaver -debug

Maybe
$ xscreensaver -sync -verbose -debug
is more useful.

Tried that (or maybe -log ... instead of -debug), same result, no core. Need to look into core limit settings but can't do it till later. Reverting a few machines ...

For this issue, dumping core needs "-sync" option. Easily reproducible with

- MODE: Blank screen only
- "Power Management Enabled": unchecked
- and execute
  $ xscreensaver-command -act

:( Yes, those are my settings, guess I don't need to check further. Reverted to, and works fine with xscreensaver-5.12-14.

xscreensaver-5.13-2.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/xscreensaver-5.13-2.fc15

xscreensaver-5.13-2.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/xscreensaver-5.13-2.fc14

x86_64 works, will try i686 in a moment, but this set of rpms has the same problem that xscreensaver-5.12-14.fc14.x86_64 had, i.e. yum complains:

Package xscreensaver-gl-base-5.13-2.fc14.x86_64.rpm is not signed

and requires a --nogpgcheck to be installed.

i686 also works, xscreensaver-gl-base is also not signed

Package xscreensaver-5.13-2.fc14:

* should fix your issue,
* was pushed to the Fedora 14 testing repository,
* should be available at your local mirror within two days.

Update it with:
# su -c 'yum update --enablerepo=updates-testing xscreensaver-5.13-2.fc14'
as soon as you are able to. Please go to the following url:
https://admin.fedoraproject.org/updates/xscreensaver-5.13-2.fc14
then log in and leave karma (feedback).

I guess now all these new rpms (except for ones for rawhide) are signed (packages are to be signed just before they are pushed into testing or stable repository). However thank you for quick confirmation.

xscreensaver-5.13-2.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.

xscreensaver-5.13-3.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/xscreensaver-5.13-3.fc15

xscreensaver-5.13-3.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.

This issue did NOT affect the version of the xscreensaver package, as shipped with Red Hat Enterprise Linux 4.

--

This issue did NOT affect the version of the xscreensaver package, as present within EPEL-6 repository.

This has been assigned CVE-2011-2187 via:
http://thread.gmane.org/gmane.comp.security.oss.general/5186/focus=5209

Statement: Not vulnerable. This issue did not affect the versions of xscreensaver as shipped with Red Hat Enterprise Linux 4.