Scientific Linux 6.x: 2011-03-29 Moderate GDM Race Condition Threat

Date: Tue, 29 Mar 2011 16:42:02 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA Moderate: gdm on SL6.x i386/x86_64
Comments: To: scientific 
MIME-Version: 1.0

This ERRATA for SL 6.0 i386/x86_64 are now available from:

-------------------------------------------------------------------------

Synopsis: Moderate: gdm security update
Issue date: 2011-03-29
CVE Names: CVE-2011-0727

The GNOME Display Manager (GDM) provides the graphical login screen, shown
shortly after boot up, log out, and when user-switching.

A race condition flaw was found in the way GDM handled the cache
directories used to store users' dmrc and face icon files. A local attacker
could use this flaw to trick GDM into changing the ownership of an
arbitrary file via a symbolic link attack, allowing them to escalate their
privileges. (CVE-2011-0727)

We would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.

SL 6.x

SRPMS:

 	gdm-2.30.4-21.el6_0.1.src.rpm

i386:

 	gdm-2.30.4-21.el6_0.1.i686.rpm
 	gdm-libs-2.30.4-21.el6_0.1.i686.rpm
 	gdm-plugin-fingerprint-2.30.4-21.el6_0.1.i686.rpm
 	gdm-plugin-smartcard-2.30.4-21.el6_0.1.i686.rpm
 	gdm-user-switch-applet-2.30.4-21.el6_0.1.i686.rpm

x86_64:

 	gdm-2.30.4-21.el6_0.1.x86_64.rpm
 	gdm-libs-2.30.4-21.el6_0.1.i686.rpm
 	gdm-libs-2.30.4-21.el6_0.1.x86_64.rpm
 	gdm-plugin-fingerprint-2.30.4-21.el6_0.1.x86_64.rpm
 	gdm-plugin-smartcard-2.30.4-21.el6_0.1.x86_64.rpm
 	gdm-user-switch-applet-2.30.4-21.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson