SCIENTIFIC-LINUX-ERRATA Archives

August 2007

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security ERRATA for gdm on SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Wed, 22 Aug 2007 16:58:14 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (37 lines) 
Troy Dawson wrote:
> Synopsis:    Moderate: gdm security and bug fix update
> Issue date:    2007-08-07
> CVE Names:    CVE-2007-3381
> 
> A flaw was found in the way Gdm listens on its unix domain socket.  A local
> user could crash a running X session by writing malicious data to Gdm's
> unix domain socket. (CVE-2007-3381)
> 
> SL 5.x
> 
>   SRPMS:
>     gdm-2.16.0-31.0.1.el5.src.rpm
>   i386:
>     gdm-2.16.0-31.0.1.el5.i386.rpm
>   x86_64:
>     gdm-2.16.0-31.0.1.el5.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 

We accidentally put out the plain rpm from The Upstream Vendor without 
modifying it.  This new rpm put's in the modifications that were needed.

SL 5.x

   SRPMS:
     gdm-2.16.0-31.0.1.sl.2.src.rpm
   i386:
     gdm-2.16.0-31.0.1.sl.2.i386.rpm
   x86_64:
     gdm-2.16.0-31.0.1.sl.2.x86_64.rpm


Troy Dawson

ATOM RSS1 RSS2