CVE-2009-4641

Description

gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.

How to fix CVE-2009-4641

To remediate CVE-2009-4641, upgrade the affected package to a fixed version below.

• Debian/gnome-screensaver—upgrade to 2.28.0-2 or later

Is CVE-2009-4641 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.28.0-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-4641