[Frugalware-security] [ FSA-83 ] gdm
voroskoi
noreply at frugalware.org
Sat Jan 6 11:34:36 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-83
Date: 2007-01-06
Package: gdm
Vulnerable versions: <= 2.16.0-2
Unaffected versions: >= 2.16.4-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1539
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6105
Description
===========
A vulnerability has been reported in the gdmchooser application of the GNOME Display Manager, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to a format string error within the "gdm_chooser_add_host()" function in gdm2/gui/gdmchooser.c. This can be exploited to execute arbitrary code with the privileges of the gdmchooser application by entering a specially crafted string when providing a remote host.
Updated Packages
================
Check if you have gdm installed:
# pacman -Q gdm
If found, then you should upgrade to the latest version:
# pacman -Sy gdm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iD8DBQFFn3s6Z7NElSD1VhkRAvWlAJ9GMfsQH3Sg16sLZE5UCs7Q9DCH3gCfe/Yv
72wFHohRiyRdA9zvXRoc0K0=
=03K8
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list