Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 25 Oct 2015 00:12:38 +0900
From: Mamoru TASAKA <mtasaka@...oraproject.org>
To: oss-security@...ts.openwall.com
Cc: secalert@...hat.com, Mamoru Tasaka <mtasaka@...oraproject.org>
Subject: CVE request: xscreensaver aborts when unpluging second monitor cable
 when asking password

Hello, all:

I received a Fedora bug report
https://bugzilla.redhat.com/show_bug.cgi?id=1274452
that on XFCE,

* using VGA and HDMI dual monitor (for example)
* lock the screen with $ xscreensaver-command -lock
* move mouse, password dialog appears
* during the time password dialog still appears, unplug HDMI cable

then xscreensaver abort()s (actually it abort()s,
not segv, however I guess it is not important)
(at the line 420 in xscreensaver-5.33/driver/subprocs.c)

100% reproducible. This issue is already in public as
https://twitter.com/Thaolia/status/656823859304398848

I and the upstream developer already tracked down the cause
and the upstream send me a patch, which seems to be
working. hopefully the upstream
will release the new version soon.

Please assign a CVE ID for this.

Best regards,
Mamoru TASAKA <mtasaka@...oraproject.org>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ