Synopsis:          Important: gdm security update
Advisory ID:       SLSA-2013:1213-1
Issue Date:        2013-09-05
CVE Numbers:       CVE-2013-4169
--

A race condition was found in the way GDM handled the X server sockets
directory located in the system temporary directory. An unprivileged user
could use this flaw to perform a symbolic link attack, giving them write
access to any file, allowing them to escalate their privileges to root.
(CVE-2013-4169)

Note that this erratum includes an updated initscripts package. To fix
CVE-2013-4169, the vulnerable code was removed from GDM and the
initscripts package was modified to create the affected directory safely
during the system boot process. Therefore, this update will appear on all
systems, however systems without GDM installed are not affected by this
flaw.

The system must be rebooted for this update to take effect.
--

SL5
  x86_64
    gdm-docs-2.16.0-59.sl5.1.x86_64.rpm
    initscripts-8.45.42-2.el5_9.1.x86_64.rpm
    gdm-2.16.0-59.sl5.1.x86_64.rpm
    gdm-debuginfo-2.16.0-59.sl5.1.x86_64.rpm
    initscripts-debuginfo-8.45.42-2.el5_9.1.x86_64.rpm
  i386
    gdm-docs-2.16.0-59.sl5.1.i386.rpm
    initscripts-8.45.42-2.el5_9.1.i386.rpm
    gdm-2.16.0-59.sl5.1.i386.rpm
    gdm-debuginfo-2.16.0-59.sl5.1.i386.rpm
    initscripts-debuginfo-8.45.42-2.el5_9.1.i386.rpm
  srpm
    gdm-2.16.0-59.sl5.1.src.rpm
    initscripts-8.45.42-2.el5_9.1.src.rpm
  noarch
    initscripts-debuginfo-8.45.42-2.el5_9.1.x86_64.rpm
    gdm-debuginfo-2.16.0-59.sl5.1.i386.rpm
    gdm-debuginfo-2.16.0-59.sl5.1.x86_64.rpm
    initscripts-debuginfo-8.45.42-2.el5_9.1.i386.rpm

- Scientific Linux Development Team