Note: This is an archival copy of Security Sun Alert 268288 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020972.1.
Article ID : 1020972.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-03
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Regression in the Solaris 10 Gnome-XScreenSaver (see xscreensaver(1)) may Allow Pop-up Windows to Appear through XScreenSaver when the Accessibility Feature is On



Category
Security

Release Phase
Resolved

Bug Id
6875930

Product
Solaris 10 Operating System

Date of Resolved Release
20-Oct-2009

A regression introduced in the Solaris 10 XScreenSaver(see xscreensaver(1)) :

1. Impact

A regression introduced in the Solaris 10 XScreenSaver(see xscreensaver(1))
patches 120094-27 for the SPARC platform and 120095-27 for the x86 platform
may allow pop-up windows to appear through XScreenSaver when the accessibility
feature is turned on.


2. Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Solaris 10 with patch 120094-27 or 120094-28 and without patch 120094-29
x86 Platform
  • Solaris 10 with patch 120095-27 or 120095-28 and without patch 120095-29

Note 1: Solaris 8, Solaris 9 and OpenSolaris are not impacted by this issue.

Note 2: This regression only occurs if the Accessibility support is enabled on the system.
To determine if the Accessibility support is enabled, launch gnome-accessibility-keyboard-properties
(see gnome-accessibility-keyboard-properties(1)) and verify if the  "Enable keyboard accessibility
features" checkbox is selected.


3. Symptoms

Should the described issue occur, pop-up windows may appear through the xscreensaver(1),
when the screen is locked and the xscreensaver(1) is running on a system which has the
accessibility feature turned on.



4. Workaround

Until the resolution patches can be applied, this issue may be worked around by disabling
the accessibility feature. To disable accessibility on a Solaris 10 system, launch
gnome-accessibility-keyboard-properties(1) and de-select the "Enable keyboard accessibility features" checkbox.



5. Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 120094-29 or later

x86 Platform

  • Solaris 10 with patch 120095-29 or later

For more information on Security Sun Alerts, see


References

120094-29
120095-29

This regression was introduced by the the putback for CR 6839026.





References

SUNPATCH:120094-29
SUNPATCH:120095-29



Attachments
This solution has no attachment