Search...

CentOS Security Advisory CESA-2009:1364 (gdm)

2009-09-21T00:00:00

ID OPENVAS:64939
Type openvas
Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
Modified 2017-07-10T00:00:00

Description

The remote host is missing updates to gdm announced in advisory CESA-2009:1364.

                                        
                                            #CESA-2009:1364 64939 2
# $Id: ovcesa2009_1364.nasl 6650 2017-07-10 11:43:12Z cfischer $
# Description: Auto-generated from advisory CESA-2009:1364 (gdm)
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "For details on the issues addressed in this update,
please visit the referenced security advisories.";
tag_solution = "Update the appropriate packages on your system.

http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1364
http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1364";
tag_summary = "The remote host is missing updates to gdm announced in
advisory CESA-2009:1364.";



if(description)
{
 script_id(64939);
 script_version("$Revision: 6650 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $");
 script_tag(name:"creation_date", value:"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)");
 script_cve_id("CVE-2009-2697");
 script_tag(name:"cvss_base", value:"6.8");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
 script_name("CentOS Security Advisory CESA-2009:1364 (gdm)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
 script_family("CentOS Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-rpm.inc");

res = "";
report = "";
if ((res = isrpmvuln(pkg:"gdm", rpm:"gdm~2.16.0~56.el5.centos", rls:"CentOS5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"gdm-docs", rpm:"gdm-docs~2.16.0~56.el5.centos", rls:"CentOS5")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

JSON Vulners Source

Initial Source

{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "CentOS Local Security Checks", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing updates to gdm announced in\nadvisory CESA-2009:1364.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "a66f4da805f8c392651e1e01d3588ac2"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "4e468b6ed07d7938ce1362e6271259ab"}, {"key": "href", "hash": "b06de168661aa49ddd31164a611d354b"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "3f7cce19dfc67cf09d2ac5a11004e5bf"}, {"key": "published", "hash": "0e3dfe204f8fe641e54618a42300bd96"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b778055b37159119ce97e96620d4ff56"}, {"key": "sourceData", "hash": "695eaa92685765635b7882194cf433ed"}, {"key": "title", "hash": "c81c9945eb412633d182d1191f11696a"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=64939", "modified": "2017-07-10T00:00:00", "objectVersion": "1.3", "enchantments": {"vulnersScore": 5.0}, "id": "OPENVAS:64939", "title": "CentOS Security Advisory CESA-2009:1364 (gdm)", "hash": "36509f6a0d0b37f97f31504d6f7c78d4c0d2176800c261cf1fc3f1f078c72326", "edition": 2, "published": "2009-09-21T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:14:04", "bulletin": {"hash": "ab296503e0fe968671b38fa1efe185ea86e0949a0ecade3ec82a736933f1a14d", "viewCount": 0, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing updates to gdm announced in\nadvisory CESA-2009:1364.", "hashmap": [{"key": "description", "hash": "4e468b6ed07d7938ce1362e6271259ab"}, {"key": "title", "hash": "c81c9945eb412633d182d1191f11696a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b778055b37159119ce97e96620d4ff56"}, {"key": "published", "hash": "0e3dfe204f8fe641e54618a42300bd96"}, {"key": "sourceData", "hash": "bdec2f3c8d738372d067db383fe8f83c"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "cvelist", "hash": "a66f4da805f8c392651e1e01d3588ac2"}, {"key": "modified", "hash": "d4227b051a9e150b65aba9bdc4fd2a70"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "href", "hash": "b06de168661aa49ddd31164a611d354b"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "pluginID", "hash": "3f7cce19dfc67cf09d2ac5a11004e5bf"}], "naslFamily": "CentOS Local Security Checks", "modified": "2017-01-13T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=64939", "published": "2009-09-21T00:00:00", "enchantments": {}, "id": "OPENVAS:64939", "title": "CentOS Security Advisory CESA-2009:1364 (gdm)", "bulletinFamily": "scanner", "edition": 1, "sourceData": "#CESA-2009:1364 64939 2\n# $Id: ovcesa2009_1364.nasl 5002 2017-01-13 10:17:13Z teissa $\n# Description: Auto-generated from advisory CESA-2009:1364 (gdm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1364\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1364\";\ntag_summary = \"The remote host is missing updates to gdm announced in\nadvisory CESA-2009:1364.\";\n\n\n\nif(description)\n{\n script_id(64939);\n script_version(\"$Revision: 5002 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-13 11:17:13 +0100 (Fri, 13 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)\");\n script_cve_id(\"CVE-2009-2697\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1364 (gdm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:centos:centos\", \"login/SSH/success\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdm-docs\", rpm:\"gdm-docs~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "type": "openvas", "history": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2009-2697"], "lastseen": "2017-07-02T21:14:04", "pluginID": "64939"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2009-2697"], "lastseen": "2017-07-25T10:56:39", "sourceData": "#CESA-2009:1364 64939 2\n# $Id: ovcesa2009_1364.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1364 (gdm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1364\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1364\";\ntag_summary = \"The remote host is missing updates to gdm announced in\nadvisory CESA-2009:1364.\";\n\n\n\nif(description)\n{\n script_id(64939);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)\");\n script_cve_id(\"CVE-2009-2697\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1364 (gdm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdm-docs\", rpm:\"gdm-docs~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "pluginID": "64939"}

{"result": {"cve": [{"id": "CVE-2009-2697", "type": "cve", "title": "CVE-2009-2697", "description": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.", "published": "2009-09-04T16:30:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2697", "cvelist": ["CVE-2009-2697"], "lastseen": "2017-09-19T13:36:35"}], "redhat": [{"id": "RHSA-2009:1364", "type": "redhat", "title": "(RHSA-2009:1364) Low: gdm security and bug fix update", "description": "The GNOME Display Manager (GDM) is a configurable re-implementation of XDM,\nthe X Display Manager. GDM allows you to log in to your system with the X\nWindow System running, and supports running several different X sessions on\nyour local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was\nmissing TCP wrappers support, which could result in an administrator\nbelieving they had access restrictions enabled when they did not.\n(CVE-2009-2697)\n\nThis update also fixes the following bugs:\n\n* the GDM Reference Manual is now included with the gdm packages. The\ngdm-docs package installs this document in HTML format in\n\"/usr/share/doc/\". (BZ#196054)\n\n* GDM appeared in English on systems using Telugu (te_IN). With this\nupdate, GDM has been localized in te_IN. (BZ#226931)\n\n* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5.\nIn previous releases, however, repeated use of this sequence prevented GDM\nfrom starting the X server as part of the reset process. This was because\nGDM sometimes did not notice the X server shutdown properly and would\nsubsequently fail to complete the reset process. This update contains an\nadded check to explicitly notify GDM whenever the X server is terminated,\nensuring that resets are executed reliably. (BZ#441971)\n\n* the \"gdm\" user is now part of the \"audio\" group by default. This enables\naudio support at the login screen. (BZ#458331)\n\n* the gui/modules/dwellmouselistener.c source code contained incorrect\nXInput code that prevented tablet devices from working properly. This\nupdate removes the errant code, ensuring that tablet devices work as\nexpected. (BZ#473262)\n\n* a bug in the XOpenDevice() function prevented the X server from starting\nwhenever a device defined in \"/etc/X11/xorg.conf\" was not actually plugged\nin. This update wraps XOpenDevice() in the gdk_error_trap_pop() and\ngdk_error_trap_push() functions, which resolves this bug. This ensures that\nthe X server can start properly even when devices defined in\n\"/etc/X11/xorg.conf\" are not plugged in. (BZ#474588)\n\nAll users should upgrade to these updated packages, which resolve these\nissues. GDM must be restarted for this update to take effect. Rebooting\nachieves this, but changing the runlevel from 5 to 3 and back to 5 also\nrestarts GDM.", "published": "2009-09-02T07:02:33", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1364", "cvelist": ["CVE-2009-2697"], "lastseen": "2017-09-09T07:19:54"}], "openvas": [{"id": "OPENVAS:136141256231064803", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1364", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1364.\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of XDM,\nthe X Display Manager. GDM allows you to log in to your system with the X\nWindow System running, and supports running several different X sessions on\nyour local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was\nmissing TCP wrappers support, which could result in an administrator\nbelieving they had access restrictions enabled when they did not.\n(CVE-2009-2697)\n\nAll users should upgrade to these updated packages, which resolve these\nissues. GDM must be restarted for this update to take effect. Rebooting\nachieves this, but changing the runlevel from 5 to 3 and back to 5 also\nrestarts GDM.", "published": "2009-09-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064803", "cvelist": ["CVE-2009-2697"], "lastseen": "2018-04-06T11:40:36"}, {"id": "OPENVAS:1361412562310122443", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1364", "description": "Oracle Linux Local Security Checks ELSA-2009-1364", "published": "2015-10-08T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122443", "cvelist": ["CVE-2009-2697"], "lastseen": "2017-07-24T12:53:51"}, {"id": "OPENVAS:136141256231064939", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1364 (gdm)", "description": "The remote host is missing updates to gdm announced in\nadvisory CESA-2009:1364.", "published": "2009-09-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064939", "cvelist": ["CVE-2009-2697"], "lastseen": "2018-04-06T11:38:59"}, {"id": "OPENVAS:880844", "type": "openvas", "title": "CentOS Update for gdm CESA-2009:1364 centos5 i386", "description": "Check for the Version of gdm", "published": "2011-08-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880844", "cvelist": ["CVE-2009-2697"], "lastseen": "2017-07-25T10:55:22"}, {"id": "OPENVAS:64803", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1364", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1364.\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of XDM,\nthe X Display Manager. GDM allows you to log in to your system with the X\nWindow System running, and supports running several different X sessions on\nyour local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was\nmissing TCP wrappers support, which could result in an administrator\nbelieving they had access restrictions enabled when they did not.\n(CVE-2009-2697)\n\nAll users should upgrade to these updated packages, which resolve these\nissues. GDM must be restarted for this update to take effect. Rebooting\nachieves this, but changing the runlevel from 5 to 3 and back to 5 also\nrestarts GDM.", "published": "2009-09-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64803", "cvelist": ["CVE-2009-2697"], "lastseen": "2017-07-27T10:56:49"}, {"id": "OPENVAS:1361412562310880844", "type": "openvas", "title": "CentOS Update for gdm CESA-2009:1364 centos5 i386", "description": "Check for the Version of gdm", "published": "2011-08-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880844", "cvelist": ["CVE-2009-2697"], "lastseen": "2018-04-09T11:35:34"}], "nessus": [{"id": "SL_20090902_GDM_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : gdm on SL5.x i386/x86_64", "description": "CVE-2009-2697 gdm not built with tcp_wrappers\n\nA flaw was found in the way the gdm package was built. The gdm package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2009-2697)\n\nThis update also fixes the following bugs :\n\n - the GDM Reference Manual is now included with the gdm packages. The gdm-docs package installs this document in HTML format in '/usr/share/doc/'. (BZ#196054)\n\n - GDM appeared in English on systems using Telugu (te_IN).\n With this update, GDM has been localized in te_IN.\n (BZ#226931)\n\n - the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5. In previous releases, however, repeated use of this sequence prevented GDM from starting the X server as part of the reset process. This was because GDM sometimes did not notice the X server shutdown properly and would subsequently fail to complete the reset process. This update contains an added check to explicitly notify GDM whenever the X server is terminated, ensuring that resets are executed reliably.\n (BZ#441971)\n\n - the 'gdm' user is now part of the 'audio' group by default. This enables audio support at the login screen.\n (BZ#458331)\n\n - the gui/modules/dwellmouselistener.c source code contained incorrect XInput code that prevented tablet devices from working properly. This update removes the errant code, ensuring that tablet devices work as expected. (BZ#473262)\n\n - a bug in the XOpenDevice() function prevented the X server from starting whenever a device defined in '/etc/X11/xorg.conf' was not actually plugged in. This update wraps XOpenDevice() in the gdk_error_trap_pop() and gdk_error_trap_push() functions, which resolves this bug. This ensures that the X server can start properly even when devices defined in '/etc/X11/xorg.conf' are not plugged in. (BZ#474588)\n\nGDM must be restarted for this update to take effect. Rebooting achieves this, but changing the runlevel from 5 to 3 and back to 5 also restarts GDM.\n\nNote: setup needed to be updated for dependencies.", "published": "2012-08-01T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60652", "cvelist": ["CVE-2009-2697"], "lastseen": "2017-10-29T13:37:35"}, {"id": "CENTOS_RHSA-2009-1364.NASL", "type": "nessus", "title": "CentOS 5 : gdm (CESA-2009:1364)", "description": "Updated gdm packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of XDM, the X Display Manager. GDM allows you to log in to your system with the X Window System running, and supports running several different X sessions on your local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2009-2697)\n\nThis update also fixes the following bugs :\n\n* the GDM Reference Manual is now included with the gdm packages. The gdm-docs package installs this document in HTML format in '/usr/share/doc/'. (BZ#196054)\n\n* GDM appeared in English on systems using Telugu (te_IN). With this update, GDM has been localized in te_IN. (BZ#226931)\n\n* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5. In previous releases, however, repeated use of this sequence prevented GDM from starting the X server as part of the reset process.\nThis was because GDM sometimes did not notice the X server shutdown properly and would subsequently fail to complete the reset process.\nThis update contains an added check to explicitly notify GDM whenever the X server is terminated, ensuring that resets are executed reliably. (BZ#441971)\n\n* the 'gdm' user is now part of the 'audio' group by default. This enables audio support at the login screen. (BZ#458331)\n\n* the gui/modules/dwellmouselistener.c source code contained incorrect XInput code that prevented tablet devices from working properly. This update removes the errant code, ensuring that tablet devices work as expected. (BZ#473262)\n\n* a bug in the XOpenDevice() function prevented the X server from starting whenever a device defined in '/etc/X11/xorg.conf' was not actually plugged in. This update wraps XOpenDevice() in the gdk_error_trap_pop() and gdk_error_trap_push() functions, which resolves this bug. This ensures that the X server can start properly even when devices defined in '/etc/X11/xorg.conf' are not plugged in.\n(BZ#474588)\n\nAll users should upgrade to these updated packages, which resolve these issues. GDM must be restarted for this update to take effect.\nRebooting achieves this, but changing the runlevel from 5 to 3 and back to 5 also restarts GDM.", "published": "2010-01-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=43789", "cvelist": ["CVE-2009-2697"], "lastseen": "2017-10-29T13:40:46"}, {"id": "REDHAT-RHSA-2009-1364.NASL", "type": "nessus", "title": "RHEL 5 : gdm (RHSA-2009:1364)", "description": "Updated gdm packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of XDM, the X Display Manager. GDM allows you to log in to your system with the X Window System running, and supports running several different X sessions on your local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2009-2697)\n\nThis update also fixes the following bugs :\n\n* the GDM Reference Manual is now included with the gdm packages. The gdm-docs package installs this document in HTML format in '/usr/share/doc/'. (BZ#196054)\n\n* GDM appeared in English on systems using Telugu (te_IN). With this update, GDM has been localized in te_IN. (BZ#226931)\n\n* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5. In previous releases, however, repeated use of this sequence prevented GDM from starting the X server as part of the reset process.\nThis was because GDM sometimes did not notice the X server shutdown properly and would subsequently fail to complete the reset process.\nThis update contains an added check to explicitly notify GDM whenever the X server is terminated, ensuring that resets are executed reliably. (BZ#441971)\n\n* the 'gdm' user is now part of the 'audio' group by default. This enables audio support at the login screen. (BZ#458331)\n\n* the gui/modules/dwellmouselistener.c source code contained incorrect XInput code that prevented tablet devices from working properly. This update removes the errant code, ensuring that tablet devices work as expected. (BZ#473262)\n\n* a bug in the XOpenDevice() function prevented the X server from starting whenever a device defined in '/etc/X11/xorg.conf' was not actually plugged in. This update wraps XOpenDevice() in the gdk_error_trap_pop() and gdk_error_trap_push() functions, which resolves this bug. This ensures that the X server can start properly even when devices defined in '/etc/X11/xorg.conf' are not plugged in.\n(BZ#474588)\n\nAll users should upgrade to these updated packages, which resolve these issues. GDM must be restarted for this update to take effect.\nRebooting achieves this, but changing the runlevel from 5 to 3 and back to 5 also restarts GDM.", "published": "2009-09-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40840", "cvelist": ["CVE-2009-2697"], "lastseen": "2017-10-29T13:43:14"}], "oraclelinux": [{"id": "ELSA-2009-1364", "type": "oraclelinux", "title": "gdm security and bug fix update", "description": "[1:2.16.0-56]\n- Resolves: #239818 181302\n- Fix tcp wrappers detection on 64-bit\n[1:2.16.0-55]\nResolves: #196054\n- Fix docs subpackage Requires\n[1:2.16.0-53]\nResolves: #196054\n- Add docs subpackage\n[1:2.16.0-52]\nResolves: #226931\n- Add te_IN translations\n[1:2.16.0-51]\nResolves: #441971\n- Make ctrl-alt-backspace at the login screen more robust\n[1:2.16.0-50]\nResolves: #458331\n- Add GDM to audio group by default.\n[1:2.16.0-49]\nResolves: #474588\n- Don't crash if defined extended input device is unplugged\n Patch by Olivier Fourdan.\n[1:2.16.0-48]\nResolves: #239818\n- Rebuild with tcp_wrappers build requires\n[1:2.16.0-47]\nResolves: #473262\n- Fix pointer on tablet devices.", "published": "2009-09-08T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2009-1364.html", "cvelist": ["CVE-2009-2697"], "lastseen": "2016-09-04T11:16:57"}], "centos": [{"id": "CESA-2009:1364", "type": "centos", "title": "gdm security update", "description": "**CentOS Errata and Security Advisory** CESA-2009:1364\n\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of XDM,\nthe X Display Manager. GDM allows you to log in to your system with the X\nWindow System running, and supports running several different X sessions on\nyour local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was\nmissing TCP wrappers support, which could result in an administrator\nbelieving they had access restrictions enabled when they did not.\n(CVE-2009-2697)\n\nThis update also fixes the following bugs:\n\n* the GDM Reference Manual is now included with the gdm packages. The\ngdm-docs package installs this document in HTML format in\n\"/usr/share/doc/\". (BZ#196054)\n\n* GDM appeared in English on systems using Telugu (te_IN). With this\nupdate, GDM has been localized in te_IN. (BZ#226931)\n\n* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5.\nIn previous releases, however, repeated use of this sequence prevented GDM\nfrom starting the X server as part of the reset process. This was because\nGDM sometimes did not notice the X server shutdown properly and would\nsubsequently fail to complete the reset process. This update contains an\nadded check to explicitly notify GDM whenever the X server is terminated,\nensuring that resets are executed reliably. (BZ#441971)\n\n* the \"gdm\" user is now part of the \"audio\" group by default. This enables\naudio support at the login screen. (BZ#458331)\n\n* the gui/modules/dwellmouselistener.c source code contained incorrect\nXInput code that prevented tablet devices from working properly. This\nupdate removes the errant code, ensuring that tablet devices work as\nexpected. (BZ#473262)\n\n* a bug in the XOpenDevice() function prevented the X server from starting\nwhenever a device defined in \"/etc/X11/xorg.conf\" was not actually plugged\nin. This update wraps XOpenDevice() in the gdk_error_trap_pop() and\ngdk_error_trap_push() functions, which resolves this bug. This ensures that\nthe X server can start properly even when devices defined in\n\"/etc/X11/xorg.conf\" are not plugged in. (BZ#474588)\n\nAll users should upgrade to these updated packages, which resolve these\nissues. GDM must be restarted for this update to take effect. Rebooting\nachieves this, but changing the runlevel from 5 to 3 and back to 5 also\nrestarts GDM.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/016157.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/016158.html\n\n**Affected packages:**\ngdm\ngdm-docs\n\n**Upstream details at:**\n", "published": "2009-09-15T19:50:41", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2009-September/016157.html", "cvelist": ["CVE-2009-2697"], "lastseen": "2017-10-03T18:24:35"}]}}