This ERRATA for SL 6.0 i386/x86_64 are now available from:
ftp://ftp.scientificlinux.org/linux/scientific/6.0/i386/updates/security/ftp://ftp.scientificlinux.org/linux/scientific/6.0/x86_64/updates/security/
-------------------------------------------------------------------------
Synopsis: Moderate: gdm security update
Issue date: 2011-03-29
CVE Names: CVE-2011-0727
The GNOME Display Manager (GDM) provides the graphical login screen, shown
shortly after boot up, log out, and when user-switching.
A race condition flaw was found in the way GDM handled the cache
directories used to store users' dmrc and face icon files. A local attacker
could use this flaw to trick GDM into changing the ownership of an
arbitrary file via a symbolic link attack, allowing them to escalate their
privileges. (CVE-2011-0727)
We would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.
SL 6.x
SRPMS:
gdm-2.30.4-21.el6_0.1.src.rpm
i386:
gdm-2.30.4-21.el6_0.1.i686.rpm
gdm-libs-2.30.4-21.el6_0.1.i686.rpm
gdm-plugin-fingerprint-2.30.4-21.el6_0.1.i686.rpm
gdm-plugin-smartcard-2.30.4-21.el6_0.1.i686.rpm
gdm-user-switch-applet-2.30.4-21.el6_0.1.i686.rpm
x86_64:
gdm-2.30.4-21.el6_0.1.x86_64.rpm
gdm-libs-2.30.4-21.el6_0.1.i686.rpm
gdm-libs-2.30.4-21.el6_0.1.x86_64.rpm
gdm-plugin-fingerprint-2.30.4-21.el6_0.1.x86_64.rpm
gdm-plugin-smartcard-2.30.4-21.el6_0.1.x86_64.rpm
gdm-user-switch-applet-2.30.4-21.el6_0.1.x86_64.rpm
-Connie Sieh
-Troy Dawson