[Secure-testing-team] Bug#631391: [kdm] kdm show an uninitialized video memory or garbled images

Francesco Muzio muziofg at email.it
Thu Jun 23 14:39:34 UTC 2011 

Package: kdm
Version: 4:4.6.3-1
Severity: normal
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org

When kdm startup and/or I logon/logoff from my desktop I see on the 
screen a very strange effect:

If I booted my machine from a cold start kdm show me, before the login, 
at full screen a periodic "snow effect". I think this is the 
uninitialized video memory.

If I rebooted my machine or simply rebooted kdm or also more simply 
logout from KDE I see on the screen old images (jpegs, desktops, and 
other resources stores on video memory) spread on fullscreen.

This is ugly and a security problem.
If I saw something like a private or secret such as passwords, important 
documents, adult content, and other things that I consider worthy of 
privacy these could be displayed on the screen against our will.

I have experienced this problem on 2 machine, both with a radeon card 
(HD3650 and HD6670) with KMS Enabled

This problem doesn't appear with gdm.
This problem is probably related to plasma desktop, when I try to 
logout/shutdown/reboot (and desktop effects are disabled) I see the same 
garbage effect.




--- System information. ---
Architecture: i386
Kernel: Linux 2.6.39

Debian Release: wheezy/sid
500 testing ftp.it.debian.org

--- Package information. ---
Depends (Version) | Installed
=======================================================-+-=================== 

kdebase-runtime | 4:4.6.3-1
libc6 (>= 2.3) | 2.13-4
libck-connector0 (>= 0.2.1) | 0.4.5-1
libdbus-1-3 (>= 1.0.2) | 1.4.12-2
libkdecore5 (>= 4:4.6.3) | 4:4.6.3-3
libkdeui5 (>= 4:4.6.3) | 4:4.6.3-3
libkio5 (>= 4:4.6.3) | 4:4.6.3-3
libknewstuff3-4 (>= 4:4.6.3) | 4:4.6.3-3
libkworkspace4 (= 4:4.6.3-1) | 4:4.6.3-1
libpam0g (>= 0.99.7.1) | 1.1.3-1
libqimageblitz4 (>= 1:0.0.4) | 1:0.0.6-3
libqt4-svg (>= 4:4.5.3) | 4:4.7.3-1
libqt4-xml (>= 4:4.5.3) | 4:4.7.3-1
libqtcore4 (>= 4:4.7.0~beta1) | 4:4.7.3-1
libqtgui4 (>= 4:4.5.3) | 4:4.7.3-1
libstdc++6 (>= 4.1.1) | 4.6.0-10
libx11-6 | 2:1.4.3-1
libxau6 | 1:1.0.6-1
libxdmcp6 | 1:1.1.0-1
libxtst6 | 2:1.2.0-1
debconf (>= 0.5) | 1.5.39
OR debconf-2.0 |
lsb-base (>= 3.2-14) | 3.2-27
consolekit | 0.4.5-1
kdebase-workspace-kgreet-plugins (= 4:4.6.3-1) | 4:4.6.3-1
adduser | 3.112+nmu2


Recommends (Version) | Installed
==================================-+-===========
logrotate | 3.7.8-6
xserver-xorg | 1:7.6+7
OR xserver |
kdebase |
OR x-session-manager |
OR x-window-manager |
xterm | 270-1
OR x-terminal-emulator |


Suggests (Version) | Installed
========================-+-===========
kdepasswd | 4:4.6.3-1




 
 
 --
 Caselle da 1GB, trasmetti allegati fino a 3GB e in piu' IMAP, POP3 e SMTP autenticato? GRATIS solo con Email.it http://www.email.it/f
 
 Sponsor:
 Coccole e relax per un soggiorno benessere all'Hotel Corallo di Riccione, camere spaziose ed eleganti con vista mare
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=11577&d=23-6

More information about the Secure-testing-team mailing list