SCIENTIFIC-LINUX-ERRATA Archives

September 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Troy Dawson
Date: Tue, 22 Sep 2009 14:19:56 -0500

Synopsis:	Low: gdm security and bug fix update
Issue date:	2009-09-02
CVE Names:	CVE-2009-2697

CVE-2009-2697 gdm not built with tcp_wrappers

A flaw was found in the way the gdm package was built. The gdm package 
was missing TCP wrappers support, which could result in an administrator
believing they had access restrictions enabled when they did not.
(CVE-2009-2697)

This update also fixes the following bugs:

* the GDM Reference Manual is now included with the gdm packages. The
gdm-docs package installs this document in HTML format in 
"/usr/share/doc/". (BZ#196054)

* GDM appeared in English on systems using Telugu (te_IN). With this
update, GDM has been localized in te_IN. (BZ#226931)

* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 
5. In previous releases, however, repeated use of this sequence 
prevented GDM from starting the X server as part of the reset process. 
This was because GDM sometimes did not notice the X server shutdown 
properly and would subsequently fail to complete the reset process. This 
update contains an added check to explicitly notify GDM whenever the X 
server is terminated, ensuring that resets are executed reliably. 
(BZ#441971)

* the "gdm" user is now part of the "audio" group by default. This 
enables audio support at the login screen. (BZ#458331)

* the gui/modules/dwellmouselistener.c source code contained incorrect
XInput code that prevented tablet devices from working properly. This
update removes the errant code, ensuring that tablet devices work as
expected. (BZ#473262)

* a bug in the XOpenDevice() function prevented the X server from 
starting whenever a device defined in "/etc/X11/xorg.conf" was not 
actually plugged in. This update wraps XOpenDevice() in the 
gdk_error_trap_pop() and gdk_error_trap_push() functions, which resolves 
this bug. This ensures that the X server can start properly even when 
devices defined in "/etc/X11/xorg.conf" are not plugged in. (BZ#474588)

GDM must be restarted for this update to take effect. Rebooting achieves 
this, but changing the runlevel from 5 to 3 and back to 5 also restarts GDM.

Note: setup needed to be updated for dependencies.

SL 5.x

     SRPMS:
gdm-2.16.0-56.el5.src.rpm
setup-2.5.58-7.el5.src.rpm
     i386:
gdm-2.16.0-56.sl.i386.rpm
gdm-docs-2.16.0-56.sl.i386.rpm
setup-2.5.58-7.el5.noarch.rpm
     x86_64:
gdm-2.16.0-56.sl.i386.rpm
gdm-docs-2.16.0-56.sl.i386.rpm
setup-2.5.58-7.el5.noarch.rpm

-Connie Sieh
-Troy Dawson
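
For the CVE-2009-2697 flaw described above, the risky state is a host whose TCP wrappers rules name gdm while the gdm binary is not linked against libwrap, so the rules are never consulted. The script below is an added example, not part of the original advisory or of the gdm project; it assumes the wrappers daemon name is "gdm", takes saved `ldd` output as input, and runs on constructed sample files.

```shell
#!/bin/sh
# Added example (not from the advisory): flags the CVE-2009-2697 condition,
# i.e. TCP wrappers rules that name gdm while gdm is not linked to libwrap.
# Assumptions: daemon name "gdm"; on a live host the first input would come
# from `ldd` run on the gdm daemon binary (its path is not given on the page).

# Succeeds if the saved ldd output lists libwrap as a dependency.
has_libwrap() { grep -q 'libwrap\.so' "$1"; }

# Prints rules whose daemon list (text before the first ':') names gdm or ALL.
# Backslash-continued rules are not joined; this is a simplification.
gdm_rules() {
    awk -F: '/^[ \t]*#/ || NF < 2 { next }
        { n = split($1, d, /[ \t,]+/)
          for (i = 1; i <= n; i++)
              if (d[i] == "gdm" || d[i] == "ALL") { print FILENAME ": " $0; next } }' "$@"
}

# assess LDD_FILE RULE_FILE... -> one-word verdict on stdout
assess() {
    ldd_file=$1; shift
    rules=$(gdm_rules "$@" 2>/dev/null) || true
    if has_libwrap "$ldd_file"; then echo LIBWRAP_LINKED
    elif [ -n "$rules" ]; then echo IGNORED_RULES   # the state the advisory describes
    else echo NO_RULES
    fi
}

# Constructed sample inputs (not captured from a real system).
make_samples() {
    printf '%s\n' 'libX11.so.6 => /usr/lib/libX11.so.6 (0x00b2d000)' \
        'libc.so.6 => /lib/libc.so.6 (0x00110000)' > "$1/ldd.old"
    { cat "$1/ldd.old"
      echo 'libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00c41000)'; } > "$1/ldd.new"
    printf '%s\n' '# constructed' 'sshd: 192.0.2.0/255.255.255.0' \
        'gdm: 192.0.2.10' > "$1/hosts.allow"
    printf '%s\n' 'ALL: ALL' > "$1/hosts.deny"
    printf '%s\n' 'sshd: 192.0.2.7' > "$1/hosts.sshd_only"
}

demo=$(mktemp -d) && make_samples "$demo"
echo "old build: $(assess "$demo/ldd.old" "$demo/hosts.allow" "$demo/hosts.deny")"
echo "new build: $(assess "$demo/ldd.new" "$demo/hosts.allow" "$demo/hosts.deny")"
rm -rf "$demo"
```

An `IGNORED_RULES` verdict means the rule files express a restriction that the installed gdm build does not enforce.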
