Francesco Muzio
2011-Jun-23 14:39 UTC
[Secure-testing-team] Bug#631391: [kdm] kdm show an uninitialized video memory or garbled images
Package: kdm Version: 4:4.6.3-1 Severity: normal Tags: security X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org When kdm startup and/or I logon/logoff from my desktop I see on the screen a very strange effect: If I booted my machine from a cold start kdm show me, before the login, at full screen a periodic "snow effect". I think this is the uninitialized video memory. If I rebooted my machine or simply rebooted kdm or also more simply logout from KDE I see on the screen old images (jpegs, desktops, and other resources stores on video memory) spread on fullscreen. This is ugly and a security problem. If I saw something like a private or secret such as passwords, important documents, adult content, and other things that I consider worthy of privacy these could be displayed on the screen against our will. I have experienced this problem on 2 machine, both with a radeon card (HD3650 and HD6670) with KMS Enabled This problem doesn''t appear with gdm. This problem is probably related to plasma desktop, when I try to logout/shutdown/reboot (and desktop effects are disabled) I see the same garbage effect. --- System information. --- Architecture: i386 Kernel: Linux 2.6.39 Debian Release: wheezy/sid 500 testing ftp.it.debian.org --- Package information. --- Depends (Version) | Installed =======================================================-+-=================== kdebase-runtime | 4:4.6.3-1 libc6 (>= 2.3) | 2.13-4 libck-connector0 (>= 0.2.1) | 0.4.5-1 libdbus-1-3 (>= 1.0.2) | 1.4.12-2 libkdecore5 (>= 4:4.6.3) | 4:4.6.3-3 libkdeui5 (>= 4:4.6.3) | 4:4.6.3-3 libkio5 (>= 4:4.6.3) | 4:4.6.3-3 libknewstuff3-4 (>= 4:4.6.3) | 4:4.6.3-3 libkworkspace4 (= 4:4.6.3-1) | 4:4.6.3-1 libpam0g (>= 0.99.7.1) | 1.1.3-1 libqimageblitz4 (>= 1:0.0.4) | 1:0.0.6-3 libqt4-svg (>= 4:4.5.3) | 4:4.7.3-1 libqt4-xml (>= 4:4.5.3) | 4:4.7.3-1 libqtcore4 (>= 4:4.7.0~beta1) | 4:4.7.3-1 libqtgui4 (>= 4:4.5.3) | 4:4.7.3-1 libstdc++6 (>= 4.1.1) | 4.6.0-10 libx11-6 | 2:1.4.3-1 libxau6 | 1:1.0.6-1 libxdmcp6 | 1:1.1.0-1 libxtst6 | 2:1.2.0-1 debconf (>= 0.5) | 1.5.39 OR debconf-2.0 | lsb-base (>= 3.2-14) | 3.2-27 consolekit | 0.4.5-1 kdebase-workspace-kgreet-plugins (= 4:4.6.3-1) | 4:4.6.3-1 adduser | 3.112+nmu2 Recommends (Version) | Installed ==================================-+-==========logrotate | 3.7.8-6 xserver-xorg | 1:7.6+7 OR xserver | kdebase | OR x-session-manager | OR x-window-manager | xterm | 270-1 OR x-terminal-emulator | Suggests (Version) | Installed ========================-+-==========kdepasswd | 4:4.6.3-1 -- Caselle da 1GB, trasmetti allegati fino a 3GB e in piu'' IMAP, POP3 e SMTP autenticato? GRATIS solo con Email.it http://www.email.it/f Sponsor: Coccole e relax per un soggiorno benessere all''Hotel Corallo di Riccione, camere spaziose ed eleganti con vista mare Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=11577&d=23-6