Oval Definition:oval:com.redhat.rhsa:def:20110395
Revision Date:2011-03-28Version:639
Title:RHSA-2011:0395: gdm security update (Moderate)
Description:The GNOME Display Manager (GDM) provides the graphical login screen, shown shortly after boot up, log out, and when user-switching.

  • A race condition flaw was found in the way GDM handled the cache directories used to store users' dmrc and face icon files. A local attacker could use this flaw to trick GDM into changing the ownership of an arbitrary file via a symbolic link attack, allowing them to escalate their privileges. (CVE-2011-0727)

    Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.

    All users should upgrade to these updated packages, which contain a backported patch to correct this issue. GDM must be restarted for this update to take effect. Rebooting achieves this, but changing the runlevel from 5 to 3 and back to 5 also restarts GDM.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2011-0727
    CVE-2011-0727
    RHSA-2011:0395
    RHSA-2011:0395-01
    RHSA-2011:0395-01
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • gdm is earlier than 1:2.30.4-21.el6_0.1
  • AND gdm is signed with Red Hat redhatrelease2 key
  • gdm-libs is earlier than 1:2.30.4-21.el6_0.1
  • AND gdm-libs is signed with Red Hat redhatrelease2 key
  • gdm-plugin-fingerprint is earlier than 1:2.30.4-21.el6_0.1
  • AND gdm-plugin-fingerprint is signed with Red Hat redhatrelease2 key
  • gdm-plugin-smartcard is earlier than 1:2.30.4-21.el6_0.1
  • AND gdm-plugin-smartcard is signed with Red Hat redhatrelease2 key
  • gdm-user-switch-applet is earlier than 1:2.30.4-21.el6_0.1
  • AND gdm-user-switch-applet is signed with Red Hat redhatrelease2 key
    • BACK