Synopsis

Moderate: gdm security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An updated gdm package that fixes a security issue is now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Gdm (the GNOME Display Manager) is a highly configurable reimplementation
of xdm, the X Display Manager. Gdm allows you to log into your system with
the X Window System running and supports running several different X
sessions on your local machine at the same time.

A flaw was found in the way Gdm listens on its unix domain socket. A local
user could crash a running X session by writing malicious data to Gdm's
unix domain socket. (CVE-2007-3381)

All users of gdm should upgrade to this updated package, which contains a
backported patch that resolves this issue.

Red Hat would like to thank JLANTHEA for reporting this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 247655 - CVE-2007-3381 Gdm denial of service

CVEs

• CVE-2007-3381

References

• http://www.redhat.com/security/updates/classification/#moderate

Red Hat Enterprise Linux Server 5

SRPM
gdm-2.16.0-31.0.1.el5.src.rpm	SHA-256: b3cd070635e5525b68dc101dcbfcf85106c7d430f397fa8609cc8eb8f0c925d4
x86_64
gdm-2.16.0-31.0.1.el5.x86_64.rpm	SHA-256: f4083d0ed16f4e2a621e0c1e5a5d1976abc67df584396fc00ce9faf684481747
ia64
gdm-2.16.0-31.0.1.el5.ia64.rpm	SHA-256: ac0ed3a9033e19f50922302ac8c703bbd7185126e012b7e980f377db4adca1ff
i386
gdm-2.16.0-31.0.1.el5.i386.rpm	SHA-256: 671d0d94e4e5d2d5d6d25661335e599c4a2aebec3c984fe0ba982137979b80c9

Red Hat Enterprise Linux Workstation 5

SRPM
gdm-2.16.0-31.0.1.el5.src.rpm	SHA-256: b3cd070635e5525b68dc101dcbfcf85106c7d430f397fa8609cc8eb8f0c925d4
x86_64
gdm-2.16.0-31.0.1.el5.x86_64.rpm	SHA-256: f4083d0ed16f4e2a621e0c1e5a5d1976abc67df584396fc00ce9faf684481747
i386
gdm-2.16.0-31.0.1.el5.i386.rpm	SHA-256: 671d0d94e4e5d2d5d6d25661335e599c4a2aebec3c984fe0ba982137979b80c9

Red Hat Enterprise Linux Desktop 5

SRPM
gdm-2.16.0-31.0.1.el5.src.rpm	SHA-256: b3cd070635e5525b68dc101dcbfcf85106c7d430f397fa8609cc8eb8f0c925d4
x86_64
gdm-2.16.0-31.0.1.el5.x86_64.rpm	SHA-256: f4083d0ed16f4e2a621e0c1e5a5d1976abc67df584396fc00ce9faf684481747
i386
gdm-2.16.0-31.0.1.el5.i386.rpm	SHA-256: 671d0d94e4e5d2d5d6d25661335e599c4a2aebec3c984fe0ba982137979b80c9

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
gdm-2.16.0-31.0.1.el5.src.rpm	SHA-256: b3cd070635e5525b68dc101dcbfcf85106c7d430f397fa8609cc8eb8f0c925d4
s390x
gdm-2.16.0-31.0.1.el5.s390x.rpm	SHA-256: 23a9bc6a15315f37d41bf2b132bd83aee61dc325736fdbfe9d14507599121d52

Red Hat Enterprise Linux for Power, big endian 5

SRPM
gdm-2.16.0-31.0.1.el5.src.rpm	SHA-256: b3cd070635e5525b68dc101dcbfcf85106c7d430f397fa8609cc8eb8f0c925d4
ppc
gdm-2.16.0-31.0.1.el5.ppc.rpm	SHA-256: 61a4d72e2f071af3ece5100107899c41d10dbf036160dc1508004029f013e98d

Red Hat Enterprise Linux Server from RHUI 5

SRPM
gdm-2.16.0-31.0.1.el5.src.rpm	SHA-256: b3cd070635e5525b68dc101dcbfcf85106c7d430f397fa8609cc8eb8f0c925d4
x86_64
gdm-2.16.0-31.0.1.el5.x86_64.rpm	SHA-256: f4083d0ed16f4e2a621e0c1e5a5d1976abc67df584396fc00ce9faf684481747
i386
gdm-2.16.0-31.0.1.el5.i386.rpm	SHA-256: 671d0d94e4e5d2d5d6d25661335e599c4a2aebec3c984fe0ba982137979b80c9