Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Jul 2013 19:18:07 +0000
From: "mancha" <mancha1@...h.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request - xlockmore 5.43 fixes a security flaw

Hello Kurt, vendors, et al.

xlockmore 5.43 released 2 days ago with a fix for a security
flaw related to potential NULL pointer dereferences when
authenticating via glibc 2.17+ crypt() and OSF/1 C2 security's
dispcrypt().

Under certain conditions the NULL pointers can trigger a crash
in xlockmore effectively bypassing the screen lock.

[1] http://www.tux.org/~bagleyd/xlock/xlockmore.README

--mancha

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ