gdm security update

2007-08-09T16:40:24
ID CESA-2007:0777
Type centos
Reporter CentOS Project
Modified 2007-08-09T16:40:31

Description

CentOS Errata and Security Advisory CESA-2007:0777

Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time.

A flaw was found in the way Gdm listens on its unix domain socket. A local user could crash a running X session by writing malicious data to Gdm's unix domain socket. (CVE-2007-3381)

All users of gdm should upgrade to this updated package, which contains a backported patch that resolves this issue.

Red Hat would like to thank JLANTHEA for reporting this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2007-August/026181.html http://lists.centos.org/pipermail/centos-announce/2007-August/026182.html

Affected packages: gdm

Upstream details at: https://rhn.redhat.com/errata/RHSA-2007-0777.html