Security Advisory Low: gdm security and bug fix update

Advisory: RHSA-2009:1364-2
Type: Security Advisory
Severity: Low
Issued on: 2009-09-02
Last updated on: 2009-09-02
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2009-2697

Details

Updated gdm packages that fix a security issue and several bugs are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

The GNOME Display Manager (GDM) is a configurable re-implementation of XDM,
the X Display Manager. GDM allows you to log in to your system with the X
Window System running, and supports running several different X sessions on
your local machine at the same time.

A flaw was found in the way the gdm package was built. The gdm package was
missing TCP wrappers support, which could result in an administrator
believing they had access restrictions enabled when they did not.
(CVE-2009-2697)
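The security-relevant point of CVE-2009-2697 is not a code bug but a build defect: rules in /etc/hosts.allow and /etc/hosts.deny only take effect if the daemon is actually linked against libwrap, and an administrator who wrote such rules for gdm got no enforcement and no error. The following POSIX shell script is an added example, not part of this advisory or of the gdm project; it checks whether wrapper rules exist for a daemon and whether the named binary references libwrap, and flags the "rules present but not enforceable" case. The daemon name "gdm", the binary path and the rule-file paths are passed in as arguments (all placeholders), so it can be run against copies of the files; the libwrap check looks for the `libwrap.so` DT_NEEDED string in the file, which is what `ldd` would also report.

```shell
#!/bin/sh
# Added example, not part of the advisory or of gdm: verify that a daemon's
# TCP wrapper rules are actually enforceable. CVE-2009-2697 was a build
# defect, so the defender's check is "does the binary link libwrap at all?"
# before trusting /etc/hosts.allow and /etc/hosts.deny entries for it.
# Assumptions: daemon name, binary path and rule files are all passed in,
# so the functions can be pointed at test copies of the files.

# 0 if FILE references libwrap (TCP wrappers), 1 if not, 2 if unreadable.
# A dynamically linked binary carries "libwrap.so.N" in its DT_NEEDED
# strings; grep -a searches the file as text, so no ldd is required.
links_libwrap() {
    bin="$1"
    [ -r "$bin" ] || return 2
    grep -aq 'libwrap\.so' "$bin"
}

# 0 if FILE (hosts.allow or hosts.deny) has an active rule for DAEMON or ALL,
# 1 otherwise. Comments are stripped first so "# gdm: ..." does not count.
has_wrapper_rule() {
    daemon="$1"; file="$2"
    [ -r "$file" ] || return 1
    sed 's/#.*//' "$file" | grep -Eq "^[[:space:]]*(${daemon}|ALL)[[:space:]]*:"
}

# 0 = rules present and the binary links libwrap (enforced)
# 1 = rules present but the binary lacks libwrap or is unreadable
#     (the CVE-2009-2697 situation: restrictions silently ignored)
# 2 = no rules for this daemon in either file
check_wrapper_enforcement() {
    daemon="$1"; bin="$2"; allow="$3"; deny="$4"
    if has_wrapper_rule "$daemon" "$allow" || has_wrapper_rule "$daemon" "$deny"; then
        links_libwrap "$bin" && return 0
        return 1
    fi
    return 2
}

# Human-readable report for interactive use, e.g.
#   sh check_wrappers.sh gdm /path/to/gdm-binary /etc/hosts.allow /etc/hosts.deny
# (the binary path is a placeholder; use the daemon binary on your system).
report() {
    rc=0
    check_wrapper_enforcement "$@" || rc=$?
    case $rc in
        0) echo "$1: wrapper rules present and $2 links libwrap: enforced" ;;
        1) echo "$1: WARNING: wrapper rules present but $2 does not link libwrap: NOT enforced" ;;
        2) echo "$1: no hosts.allow/hosts.deny rules found for this daemon" ;;
    esac
    return $rc
}

if [ $# -eq 4 ]; then
    report "$@"
fi
```

The same check applies to any service an administrator expects TCP wrappers to protect: a non-zero return of 1 means the rules give a false sense of security, which is exactly what this advisory describes for the unpatched gdm package.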

This update also fixes the following bugs:

* the GDM Reference Manual is now included with the gdm packages. The
gdm-docs package installs this document in HTML format in
"/usr/share/doc/". (BZ#196054)

* GDM appeared in English on systems using Telugu (te_IN). With this
update, GDM has been localized in te_IN. (BZ#226931)

* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5.
In previous releases, however, repeated use of this sequence prevented GDM
from starting the X server as part of the reset process. This was because
GDM sometimes did not notice the X server shutdown properly and would
subsequently fail to complete the reset process. This update contains an
added check to explicitly notify GDM whenever the X server is terminated,
ensuring that resets are executed reliably. (BZ#441971)

* the "gdm" user is now part of the "audio" group by default. This enables
audio support at the login screen. (BZ#458331)

* the gui/modules/dwellmouselistener.c source code contained incorrect
XInput code that prevented tablet devices from working properly. This
update removes the errant code, ensuring that tablet devices work as
expected. (BZ#473262)

* a bug in the XOpenDevice() function prevented the X server from starting
whenever a device defined in "/etc/X11/xorg.conf" was not actually plugged
in. This update wraps the XOpenDevice() call between gdk_error_trap_push()
and gdk_error_trap_pop(), which resolves this bug. This ensures that
the X server can start properly even when devices defined in
"/etc/X11/xorg.conf" are not plugged in. (BZ#474588)

All users should upgrade to these updated packages, which resolve these
issues. GDM must be restarted for this update to take effect. Rebooting
achieves this, but changing the runlevel from 5 to 3 and back to 5 also
restarts GDM.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
gdm-2.16.0-56.el5.src.rpm
File outdated by:  RHSA-2013:1213
    MD5: f0fe79457f096970faf56597299bf2f9
 
IA-32:
gdm-2.16.0-56.el5.i386.rpm
File outdated by:  RHSA-2013:1213
    MD5: dc38c34ac62e797a2d85ab312f217f68
gdm-docs-2.16.0-56.el5.i386.rpm
File outdated by:  RHSA-2013:1213
    MD5: 8f64ba381cd77cb43e70b7281cf0efb4
 
IA-64:
gdm-2.16.0-56.el5.ia64.rpm
File outdated by:  RHSA-2013:1213
    MD5: 8d16d37f49fadcfea01e60e6b5e2fdc4
gdm-docs-2.16.0-56.el5.ia64.rpm
File outdated by:  RHSA-2013:1213
    MD5: 33c74be02a650fee24ae127691633815
 
PPC:
gdm-2.16.0-56.el5.ppc.rpm
File outdated by:  RHSA-2013:1213
    MD5: afca4ca7a85c8c966e088f8c97385fae
gdm-docs-2.16.0-56.el5.ppc.rpm
File outdated by:  RHSA-2013:1213
    MD5: d79e5cbad3e77058d64cec1159626e54
 
s390x:
gdm-2.16.0-56.el5.s390x.rpm
File outdated by:  RHSA-2013:1213
    MD5: 97b8ce4b29cd2fb5c610c79ecf52db47
gdm-docs-2.16.0-56.el5.s390x.rpm
File outdated by:  RHSA-2013:1213
    MD5: edeeded908297c27e8f54688f066dc46
 
x86_64:
gdm-2.16.0-56.el5.x86_64.rpm
File outdated by:  RHSA-2013:1213
    MD5: d9f5e991ecfbeec0069bff631c56bbbf
gdm-docs-2.16.0-56.el5.x86_64.rpm
File outdated by:  RHSA-2013:1213
    MD5: 349aa67e19d13c4c1e70b665050a82b4
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
gdm-2.16.0-56.el5.src.rpm
File outdated by:  RHSA-2013:1213
    MD5: f0fe79457f096970faf56597299bf2f9
 
IA-32:
gdm-2.16.0-56.el5.i386.rpm
File outdated by:  RHSA-2013:1213
    MD5: dc38c34ac62e797a2d85ab312f217f68
gdm-docs-2.16.0-56.el5.i386.rpm
File outdated by:  RHSA-2013:1213
    MD5: 8f64ba381cd77cb43e70b7281cf0efb4
 
x86_64:
gdm-2.16.0-56.el5.x86_64.rpm
File outdated by:  RHSA-2013:1213
    MD5: d9f5e991ecfbeec0069bff631c56bbbf
gdm-docs-2.16.0-56.el5.x86_64.rpm
File outdated by:  RHSA-2013:1213
    MD5: 349aa67e19d13c4c1e70b665050a82b4
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

239818 - CVE-2009-2697 gdm not built with tcp_wrappers
441971 - [RHEL5] GDM sometimes doesn't come back after ctrl-alt-backspace
458331 - Add supplementary audio group to the gdm user
473262 - Mouse cursor not movable when using tablet instead of mouse
474588 - gdmgreeter crashes if input device (ex wacom) is defined but not plugged



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/