====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: gdm security and bug fix update
Advisory ID:       RHSA-2009:1364-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2009:1364.html
Issue date:        2009-09-02
CVE Names:         CVE-2009-2697
====================================================================

1. Summary:

Updated gdm packages that fix a security issue and several bugs are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The GNOME Display Manager (GDM) is a configurable re-implementation of XDM,
the X Display Manager. GDM allows you to log in to your system with the X
Window System running, and supports running several different X sessions on
your local machine at the same time.

A flaw was found in the way the gdm package was built. The gdm package was
missing TCP wrappers support, which could result in an administrator
believing they had access restrictions enabled when they did not.
(CVE-2009-2697)

This update also fixes the following bugs:

* the GDM Reference Manual is now included with the gdm packages. The
gdm-docs package installs this document in HTML format in
"/usr/share/doc/". (BZ#196054)

* GDM appeared in English on systems using Telugu (te_IN). With this
update, GDM has been localized in te_IN. (BZ#226931)

* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5.
In previous releases, however, repeated use of this sequence prevented GDM
from starting the X server as part of the reset process. This was because
GDM sometimes did not notice the X server shutdown properly and would
subsequently fail to complete the reset process. This update contains an
added check to explicitly notify GDM whenever the X server is terminated,
ensuring that resets are executed reliably. (BZ#441971)

* the "gdm" user is now part of the "audio" group by default. This enables
audio support at the login screen. (BZ#458331)

* the gui/modules/dwellmouselistener.c source code contained incorrect
XInput code that prevented tablet devices from working properly. This
update removes the errant code, ensuring that tablet devices work as
expected. (BZ#473262)

* a bug in the XOpenDevice() function prevented the X server from starting
whenever a device defined in "/etc/X11/xorg.conf" was not actually plugged
in. This update wraps XOpenDevice() in the gdk_error_trap_pop() and
gdk_error_trap_push() functions, which resolves this bug. This ensures that
the X server can start properly even when devices defined in
"/etc/X11/xorg.conf" are not plugged in. (BZ#474588)

All users should upgrade to these updated packages, which resolve these
issues. GDM must be restarted for this update to take effect. Rebooting
achieves this, but changing the runlevel from 5 to 3 and back to 5 also
restarts GDM.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

239818 - CVE-2009-2697 gdm not built with tcp_wrappers
441971 - [RHEL5] GDM sometimes doesn't come back after ctrl-alt-backspace
458331 - Add supplementary audio group to the gdm user
473262 - Mouse cursor not movable when using tablet instead of mouse
474588 - gdmgreeter crashes if input device (exwacom) is defined but not plugged

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
gdm-2.16.0-56.el5.i386.rpm
gdm-debuginfo-2.16.0-56.el5.i386.rpm
gdm-docs-2.16.0-56.el5.i386.rpm

x86_64:
gdm-2.16.0-56.el5.x86_64.rpm
gdm-debuginfo-2.16.0-56.el5.x86_64.rpm
gdm-docs-2.16.0-56.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
gdm-2.16.0-56.el5.i386.rpm
gdm-debuginfo-2.16.0-56.el5.i386.rpm
gdm-docs-2.16.0-56.el5.i386.rpm

ia64:
gdm-2.16.0-56.el5.ia64.rpm
gdm-debuginfo-2.16.0-56.el5.ia64.rpm
gdm-docs-2.16.0-56.el5.ia64.rpm

ppc:
gdm-2.16.0-56.el5.ppc.rpm
gdm-debuginfo-2.16.0-56.el5.ppc.rpm
gdm-docs-2.16.0-56.el5.ppc.rpm

s390x:
gdm-2.16.0-56.el5.s390x.rpm
gdm-debuginfo-2.16.0-56.el5.s390x.rpm
gdm-docs-2.16.0-56.el5.s390x.rpm

x86_64:
gdm-2.16.0-56.el5.x86_64.rpm
gdm-debuginfo-2.16.0-56.el5.x86_64.rpm
gdm-docs-2.16.0-56.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2009-2697
https://access.redhat.com/security/updates/classification#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2009 Red Hat, Inc.

LinuxSecurity.com Team

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: gdm security and bug fix update
Advisory ID:       RHSA-2007:0777-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0777.html
Issue date:        2007-08-07
Updated on:        2007-08-07
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3381
---------------------------------------------------------------------

1. Summary:

An updated gdm package that fixes a security issue is now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Gdm (the GNOME Display Manager) is a highly configurable reimplementation
of xdm, the X Display Manager. Gdm allows you to log into your system with
the X Window System running and supports running several different X
sessions on your local machine at the same time.

A flaw was found in the way Gdm listens on its unix domain socket. A local
user could crash a running X session by writing malicious data to Gdm's
unix domain socket. (CVE-2007-3381)

All users of gdm should upgrade to this updated package, which contains a
backported patch that resolves this issue.

Red Hat would like to thank JLANTHEA for reporting this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

247655 - CVE-2007-3381 Gdm denial of service

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
gdm-2.16.0-31.0.1.el5.src.rpm

i386:
gdm-2.16.0-31.0.1.el5.i386.rpm
gdm-debuginfo-2.16.0-31.0.1.el5.i386.rpm

x86_64:
gdm-2.16.0-31.0.1.el5.x86_64.rpm
gdm-debuginfo-2.16.0-31.0.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
gdm-2.16.0-31.0.1.el5.src.rpm

i386:
gdm-2.16.0-31.0.1.el5.i386.rpm
gdm-debuginfo-2.16.0-31.0.1.el5.i386.rpm

ia64:
gdm-2.16.0-31.0.1.el5.ia64.rpm
gdm-debuginfo-2.16.0-31.0.1.el5.ia64.rpm

ppc:
gdm-2.16.0-31.0.1.el5.ppc.rpm
gdm-debuginfo-2.16.0-31.0.1.el5.ppc.rpm

s390x:
gdm-2.16.0-31.0.1.el5.s390x.rpm
gdm-debuginfo-2.16.0-31.0.1.el5.s390x.rpm

x86_64:
gdm-2.16.0-31.0.1.el5.x86_64.rpm
gdm-debuginfo-2.16.0-31.0.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2007-3381
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2007 Red Hat, Inc.

Enterprise Linux Security Advisory ELSA-2007-0286

https://access.redhat.com/errata/RHSA-2007:0286.html

The following updated rpms for Enterprise Linux 4 have been uploaded to the
Unbreakable Linux Network:

i386:
gdm-2.6.0.5-7.rhel4.15.i386.rpm

x86_64:
gdm-2.6.0.5-7.rhel4.15.x86_64.rpm

SRPMS:
https://oss.oracle.com:443/el4/SRPMS-updates/gdm-2.6.0.5-7.rhel4.15.src.rpm

Description of changes:

[2.6.0.5-7.rhel4.15]
- apply fix for CVE-2006-1057 (Resolves: #188302)

[2.6.0.5-7.rhel4.14]
- Fix for CVE-2006-1057 (bug 188302)

[2.6.0.5-7.rhel4.13]
- pam_loginuid.so support added in 1:2.6.0.5-7.rhel4.2 patched the wrong file.

Severity: Low.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-692
2006-06-09
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : gdm
Version     : 2.14.8
Release     : 1
Summary     : The GNOME Display Manager.
Description :
Gdm (the GNOME Display Manager) is a highly configurable
reimplementation of xdm, the X Display Manager. Gdm allows you to log
into your system with the X Window System running and supports running
several different X sessions on your local machine at the same time.

---------------------------------------------------------------------
Update Information:

This update addresses a moderate security issue where the user can enter
the GDM configuration GUI with a user password when the Face Browser is
enabled. Refer to bugzilla.gnome.org bug #343476.

This update also upgrades GDM to version 2.14.8.
---------------------------------------------------------------------
* Thu Jun 8 2006 Ray Strode - 1:2.14.8-1
- Update to 2.14.8
- Fixes CVE-2006-2452 (bug 343476).

* Wed Jun 7 2006 Ray Strode - 1:2.14.4-1.fc5.3
- Add BuildRequires on xorg-x11-server-Xorg (bug 194295)

* Tue Jun 6 2006 Matthias Clasen - 1:2.14.4-1.fc.2
- Require system-logos, not fedora-logos
- Add missing BuildRequires

---------------------------------------------------------------------
This update can be downloaded from:

SRPMS/gdm-2.14.8-1.src.rpm
noarch/gdm-2.14.8-1.src.rpm
ppc/debug/gdm-debuginfo-2.14.8-1.ppc.rpm
ppc/gdm-2.14.8-1.ppc.rpm
x86_64/gdm-2.14.8-1.x86_64.rpm
x86_64/debug/gdm-debuginfo-2.14.8-1.x86_64.rpm
i386/debug/gdm-debuginfo-2.14.8-1.i386.rpm
i386/gdm-2.14.8-1.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at .
---------------------------------------------------------------------