Synopsis: Important: gdm security update Advisory ID: SLSA-2013:1213-1 Issue Date: 2013-09-05 CVE Numbers: CVE-2013-4169 -- A race condition was found in the way GDM handled the X server sockets directory located in the system temporary directory. An unprivileged user could use this flaw to perform a symbolic link attack, giving them write access to any file, allowing them to escalate their privileges to root. (CVE-2013-4169) Note that this erratum includes an updated initscripts package. To fix CVE-2013-4169, the vulnerable code was removed from GDM and the initscripts package was modified to create the affected directory safely during the system boot process. Therefore, this update will appear on all systems, however systems without GDM installed are not affected by this flaw. The system must be rebooted for this update to take effect. -- SL5 x86_64 gdm-docs-2.16.0-59.sl5.1.x86_64.rpm initscripts-8.45.42-2.el5_9.1.x86_64.rpm gdm-2.16.0-59.sl5.1.x86_64.rpm gdm-debuginfo-2.16.0-59.sl5.1.x86_64.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.x86_64.rpm i386 gdm-docs-2.16.0-59.sl5.1.i386.rpm initscripts-8.45.42-2.el5_9.1.i386.rpm gdm-2.16.0-59.sl5.1.i386.rpm gdm-debuginfo-2.16.0-59.sl5.1.i386.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.i386.rpm srpm gdm-2.16.0-59.sl5.1.src.rpm initscripts-8.45.42-2.el5_9.1.src.rpm noarch initscripts-debuginfo-8.45.42-2.el5_9.1.x86_64.rpm gdm-debuginfo-2.16.0-59.sl5.1.i386.rpm gdm-debuginfo-2.16.0-59.sl5.1.x86_64.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.i386.rpm - Scientific Linux Development Team