 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.56572 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 5 FEDORA-2006-338 (gdm) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to gdm announced via advisory FEDORA-2006-338. Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time. Update Information: (Notes taken from upstream release mail) - The sockets connection between the slaves and the GDM daemon is now better managed to better ensure that sockets are never left open. (Brian Cameron) - Corrected bug that causes a core dump when you click on gdmgreeter fields that have an id. (Brian Cameron) - Add new GdmXserverTimeout configuration setting so that the length of time GDM waits for the Xserver to start can be tuned, so GDM better works with Xservers that require more than 10 seconds to start. (Emilie) - The happygnome and happygnome-list gdmgreeter themes now use the official logo. (Brian Cameron) - Now GDM configure supports --with-sysconfsubdir so that GDM's configuration directory can be configured to not have /gdm appended to the end. - Fix for ensuring .ICEauthority file has proper ownership/permissions. Addresses CVE-2006-1057. (Hans Petter Jansson) - Fix Show Actions Menu section in gdmsetup so it appears when both Plain and Themed style is chosen. (Brian Cameron, Dennis Cranston) - Now use LINGUAS procedure for defining languages. (Michiel Sikkes) - Now Xsession script uses $@ instead of $1 so it is possible to pass arguments with the command to run. (Brian Cameron) - Add Trusted Solraris support. (Niall Power) - One line fix to Solaris auditing logic that fixes a bug causing authentication to fail when auditing is turned on. (Brian Cameron) - Fixes to compile with C99 and fixes to compile under NetBSD. Remove EXPANDED_* variables from the configure. (Julio M. Merino Vidal) - Translation updates (Žygimantas BeruÄka, Benoît Dejean, Laurent Dhima, Maxim Dziumanenko, Alessio Frusciante, Rhys Jones, Raphael Higino, Theppitak Karoonboonyanan, Gabor Kelmen, Priit Laes, Jordi Mallach, Kjartan Maraas, Daniel Nylander, Kostas Papdimas, Guilherme de S. Pastore, Ankit Patel, Ignacio Casal Quinteiro, Hendrik Richter, Jens Seidel, Francisco Javier F. Serrador, Alexander Shopov, Clytie Siddall, Ilkka Tuohela, Vincent van Adrighem, Tommi Vainikaninen) * Wed Apr 12 2006 Ray Strode - 1:2.14.1-1.fc5.2 - Fix libexecdir substitution bug in config file * Tue Apr 11 2006 Ray Strode - 1:2.14.1-1.fc5.1 - Update to 2.14.1 - fixes CVE-2006-1057 (bug 188303) Solution: Apply the appropriate updates. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-338 Risk factor : Medium CVSS Score: 3.7 |
| Cross-Ref: |
BugTraq ID: 17635 Common Vulnerability Exposure (CVE) ID: CVE-2006-1057 17635 http://www.securityfocus.com/bid/17635 ADV-2006-1465 http://www.vupen.com/english/advisories/2006/1465 DSA-1040 http://www.debian.org/security/2006/dsa-1040 FEDORA-2006-338 https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html MDKSA-2006:083 http://www.mandriva.com/security/advisories?name=MDKSA-2006:083 RHSA-2007:0286 http://www.redhat.com/support/errata/RHSA-2007-0286.html USN-278-1 https://usn.ubuntu.com/278-1/ gdm-slavec-symlink(26092) https://exchange.xforce.ibmcloud.com/vulnerabilities/26092 http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303 oval:org.mitre.oval:def:10092 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092 |
| Copyright | Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |