Skip to navigation

Security Advisory Moderate: gdm security and bug fix update

Advisory: RHSA-2007:0777-2
Type: Security Advisory
Severity: Moderate
Issued on: 2007-08-07
Last updated on: 2007-08-07
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2007-3381

Details

An updated gdm package that fixes a security issue is now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Gdm (the GNOME Display Manager) is a highly configurable reimplementation
of xdm, the X Display Manager. Gdm allows you to log into your system with
the X Window System running and supports running several different X
sessions on your local machine at the same time.

A flaw was found in the way Gdm listens on its unix domain socket. A local
user could crash a running X session by writing malicious data to Gdm's
unix domain socket. (CVE-2007-3381)

All users of gdm should upgrade to this updated package, which contains a
backported patch that resolves this issue.

Red Hat would like to thank JLANTHEA for reporting this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
gdm-2.16.0-31.0.1.el5.src.rpm
File outdated by:  RHSA-2013:1213
    MD5: 219b844f9203ac31e4b077fa85e3c805
 
IA-32:
gdm-2.16.0-31.0.1.el5.i386.rpm
File outdated by:  RHSA-2013:1213
    MD5: 887b849a9ff2ec16736a15cd31b7c04e
 
IA-64:
gdm-2.16.0-31.0.1.el5.ia64.rpm
File outdated by:  RHSA-2013:1213
    MD5: 757c7e4ce2dcf3ba6caf53fefa9e436b
 
PPC:
gdm-2.16.0-31.0.1.el5.ppc.rpm
File outdated by:  RHSA-2013:1213
    MD5: c97a389898d1c159513778466808b332
 
s390x:
gdm-2.16.0-31.0.1.el5.s390x.rpm
File outdated by:  RHSA-2013:1213
    MD5: 16da1d3e80550a03f3add63acf410e29
 
x86_64:
gdm-2.16.0-31.0.1.el5.x86_64.rpm
File outdated by:  RHSA-2013:1213
    MD5: 209397467cf496efbe51c289077f9aa4
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
gdm-2.16.0-31.0.1.el5.src.rpm
File outdated by:  RHSA-2013:1213
    MD5: 219b844f9203ac31e4b077fa85e3c805
 
IA-32:
gdm-2.16.0-31.0.1.el5.i386.rpm
File outdated by:  RHSA-2013:1213
    MD5: 887b849a9ff2ec16736a15cd31b7c04e
 
x86_64:
gdm-2.16.0-31.0.1.el5.x86_64.rpm
File outdated by:  RHSA-2013:1213
    MD5: 209397467cf496efbe51c289077f9aa4
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

247655 - CVE-2007-3381 Gdm denial of service


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/