Package name
gdm
Date
2006-05-09
Advisory ID
MDKSA-2006:083
Affected versions
2006.0 i586 , 2006.0 x86_64

Problem description

A race condition in daemon/slave.c in gdm before 2.14.1 allows local
users to gain privileges via a symlink attack when gdm performs chown
and chgrp operations on the .ICEauthority file.

Packages have been patched to correct this issue.

Updated packages

2006.0 i586

 d252ac2b6b8e0ea6c42b97d12154e054  2006.0/RPMS/gdm-2.8.0.4-1.1.20060mdk.i586.rpm
 06c26efefc15238226177bcf2b557f98  2006.0/RPMS/gdm-Xnest-2.8.0.4-1.1.20060mdk.i586.rpm
 7061440dac40a07c55a14e2a1f673536  2006.0/SRPMS/gdm-2.8.0.4-1.1.20060mdk.src.rpm

2006.0 x86_64

 aaa20636b30f9b8df2c9c538b7c77635  x86_64/2006.0/RPMS/gdm-2.8.0.4-1.1.20060mdk.x86_64.rpm
 ac0ab88f60162481348072b67151883a  x86_64/2006.0/RPMS/gdm-Xnest-2.8.0.4-1.1.20060mdk.x86_64.rpm
 7061440dac40a07c55a14e2a1f673536  x86_64/2006.0/SRPMS/gdm-2.8.0.4-1.1.20060mdk.src.rpm

References