MDKSA-2006:100

Package name

gdm

Date

2006-06-13

Advisory ID

MDKSA-2006:100

Affected versions

2006.0 i586 , 2006.0 x86_64

Problem description

A vulnerability in gdm could allow a user to activate the gdm setup
program if the administrator configured a gdm theme that provided a
user list. The user could do so by choosing the setup option from
the menu, clicking the user list, then entering his own password
instead of root's.

The updated packages have been patched to correct this issue.

Updated packages

2006.0 i586

 52484787cbd6245c3b8a60933d04b0c4  2006.0/RPMS/gdm-2.8.0.4-1.3.20060mdk.i586.rpm
 647524fa758a38e234970d1c08bd6737  2006.0/RPMS/gdm-Xnest-2.8.0.4-1.3.20060mdk.i586.rpm
 e464e85b60fcfb39e178e94f268e6698  2006.0/SRPMS/gdm-2.8.0.4-1.3.20060mdk.src.rpm

2006.0 x86_64

 c3a140acd7b4a1275c810ddd587e8d3a  x86_64/2006.0/RPMS/gdm-2.8.0.4-1.3.20060mdk.x86_64.rpm
 27b79ebf1a55d018041f63b3069174af  x86_64/2006.0/RPMS/gdm-Xnest-2.8.0.4-1.3.20060mdk.x86_64.rpm
 e464e85b60fcfb39e178e94f268e6698  x86_64/2006.0/SRPMS/gdm-2.8.0.4-1.3.20060mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2452