MGASA-2012-0328
| Date: | November 9th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated xlockmore packages fix security vulnerability:
A denial of service flaw was found in the way xlockmore, X screen lock
and screen saver, performed passing arguments to underlying localtime()
call, when the 'dclock' mode was used. An attacker could use this flaw
to potentially obtain unauthorized access to screen / graphical session,
previously locked by another user / victim (CVE-2012-4524)
Updated Packages:
Mageia 1:
xlockmore-5.32-1.1.mga1
xlockmore-gtk2-5.32-1.1.mga1
Mageia 2:
xlockmore-5.38-2.1.mga2
xlockmore-gtk2-5.38-2.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4524
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091108.html
https://bugs.mageia.org/show_bug.cgi?id=8008
