Bug 440776 (CVE-2012-4524) - <x11-misc/xlockmore-5.41: Screensaver crash (screen lock bypass) when 'dclock' mode used (CVE-2012-4524)
Summary: <x11-misc/xlockmore-5.41: Screensaver crash (screen lock bypass) when 'dclock...
Status: RESOLVED FIXED
Alias: CVE-2012-4524
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B4 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-01 16:16 UTC by Agostino Sarubbo
Modified: 2013-09-02 09:33 UTC
Description Agostino Sarubbo gentoo-dev 2012-11-01 16:16:29 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=867908 :

A denial of service flaw was found in the way xlockmore, X screen lock and screen saver, performed
passing arguments to underlying localtime() call, when the 'dclock' mode was used. An attacker could
use this flaw to potentially obtain unauthorized access to screen / graphical session, previously
locked by another user / victim.

CVE request (containing also patch proposal):
[1] http://www.openwall.com/lists/oss-security/2012/10/17/10
Comment 1 Jeroen Roovers gentoo-dev 2012-11-02 16:28:36 UTC
5.41
  ...
  dclock: fix for segmentation violation noticed on NetBSD and now more Y2038
    safe thanks to Ignatios Souvatzis <is AT netbsd.org>.
  ...

Arch teams, please test and mark stable:
=x11-misc/xlockmore-5.41
Stable KEYWORDS : alpha amd64 hppa ppc ppc64 sparc x86
Comment 2 Anthony Basile gentoo-dev 2012-11-02 22:46:57 UTC
stable ppc ppc64
Comment 3 Agostino Sarubbo gentoo-dev 2012-11-03 15:35:21 UTC
amd64 stable
Comment 4 Jeroen Roovers gentoo-dev 2012-11-03 17:00:43 UTC
Stable for HPPA.
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2012-11-11 16:35:37 UTC
alpha/sparc/x86 stable
Comment 6 Sean Amoss gentoo-dev Security 2012-11-12 11:43:19 UTC
Thanks, everyone.

GLSA vote: yes.
Comment 7 Stefan Behte (RETIRED) gentoo-dev Security 2012-12-16 22:04:32 UTC
Vote: yes, GLSA request created.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-09-02 09:33:05 UTC
This issue was resolved and addressed in
 GLSA 201309-03 at http://security.gentoo.org/glsa/glsa-201309-03.xml
by GLSA coordinator Sergey Popov (pinkbyte).