These errata for SL 6.0 i386/x86_64 are now available from:

ftp://ftp.scientificlinux.org/linux/scientific/6.0/i386/updates/security/
ftp://ftp.scientificlinux.org/linux/scientific/6.0/x86_64/updates/security/

-------------------------------------------------------------------------

Synopsis:    Moderate: gdm security update
Issue date:  2011-03-29
CVE Names:   CVE-2011-0727

The GNOME Display Manager (GDM) provides the graphical login screen, shown
shortly after boot up, log out, and when user-switching.

A race condition flaw was found in the way GDM handled the cache
directories used to store users' dmrc and face icon files. A local attacker
could use this flaw to trick GDM into changing the ownership of an
arbitrary file via a symbolic link attack, allowing them to escalate their
privileges. (CVE-2011-0727)

We would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.

SL 6.x

  SRPMS:
    gdm-2.30.4-21.el6_0.1.src.rpm

  i386:
    gdm-2.30.4-21.el6_0.1.i686.rpm
    gdm-libs-2.30.4-21.el6_0.1.i686.rpm
    gdm-plugin-fingerprint-2.30.4-21.el6_0.1.i686.rpm
    gdm-plugin-smartcard-2.30.4-21.el6_0.1.i686.rpm
    gdm-user-switch-applet-2.30.4-21.el6_0.1.i686.rpm

  x86_64:
    gdm-2.30.4-21.el6_0.1.x86_64.rpm
    gdm-libs-2.30.4-21.el6_0.1.i686.rpm
    gdm-libs-2.30.4-21.el6_0.1.x86_64.rpm
    gdm-plugin-fingerprint-2.30.4-21.el6_0.1.x86_64.rpm
    gdm-plugin-smartcard-2.30.4-21.el6_0.1.x86_64.rpm
    gdm-user-switch-applet-2.30.4-21.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
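
The flaw class described above, an ownership change redirected through a symbolic link, shown as an added example that is not GDM's code and not the shipped patch. The function names and the temp-directory layout are hypothetical; the block contrasts a check-then-chown pattern with a descriptor-based one and confirms that the latter refuses a symlink.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* O_NOFOLLOW, mkdtemp */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern (illustrative): chown() resolves the path again, so a symlink
 * swapped in after the lstat() check redirects the ownership change. */
int racy_chown(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    return chown(path, uid, gid);          /* follows symlinks */
}

/* Hardened pattern: pin one inode with O_NOFOLLOW, check it through the
 * descriptor, then change ownership of that same descriptor. */
int safe_chown(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int rc = -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY);
    if (fd < 0) return -1;                 /* ELOOP if path is a symlink */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1)
        rc = fchown(fd, uid, gid);
    close(fd);
    return rc;
}

/* Constructed demo: a regular file and a symlink to it in a fresh temp dir.
 * Returns 1 when the file is accepted and the symlink is refused. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/chown-demo-XXXXXX", file[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/face", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = open(file, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(file, lnk) != 0) return -1;
    int ok = safe_chown(file, geteuid(), getegid()) == 0 &&
             safe_chown(lnk, geteuid(), getegid()) == -1;
    unlink(lnk); unlink(file); rmdir(dir);
    return ok;
}

int main(void) { printf("%d\n", demo_symlink_refused()); return 0; }
```

O_NOFOLLOW covers only the final path component. When a parent directory is writable by the untrusted user, open that directory first and work relative to it with openat(), or perform the operation with that user's privileges.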