Referenced CVEs:
CVE-2007-6389, CVE-2008-0887
Description:
===========================================================Ubuntu Security Notice USN-669-1 November 11, 2008gnome-screensaver vulnerabilitiesCVE-2007-6389, CVE-2008-0887===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: gnome-screensaver 2.14.3-0ubuntu1.1Ubuntu 7.10: gnome-screensaver 2.20.0-0ubuntu4.3After a standard system upgrade you need to restart all user sessions onyour computer to effect the necessary changes.Details follow:It was discovered that the notify feature in gnome-screensaver could leta local attacker read the clipboard contents of a locked session byusing Ctrl-V. (CVE-2007-6389)Alan Matsuoka discovered that gnome-screensaver did not properly handlenetwork outages when using a remote authentication service. During anetwork interruption, or by disconnecting the network cable, a localattacker could gain access to locked sessions. (CVE-2008-0887)