LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
Reload this Page Slackware Security Update: GDM security update
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
LinkBack Search this Thread
Old 08-25-2003, 11:00 AM   #1
phoeniXflame
Member
 
Registered: Feb 2003
Location: Somewhere, UK
Distribution: Slack, OpenBSD, Debian, SuSE
Posts: 189

Rep: Reputation: 30
Exclamation Slackware Security Update: GDM security update

I thought this might be helpful for everyone who isnt subscribed to the mailing lists ...

Quote:
[slackware-security] GDM security update (SSA:2003-236-01)

Upgraded gdm packages are available for Slackware 9.0 and -current.
These fix a security issue where a local user may use GDM to read any
file on the system.


Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Sun Aug 24 14:36:29 PDT 2003
patches/packages/gdm-2.4.1.6-i386-1.tgz: Upgraded to gdm-2.4.1.6.
This fixes a bug where a local user may read any system file by making a
symlink to it from $HOME/.xsession-errors and using GDM's error browser
to read the file.
(* Security fix *)
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackwar...1.6-i386-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackwar...1.6-i486-1.tgz



MD5 SIGNATURES:
+-------------+

Slackware 9.0 package:
a5939f91ac56b5dd97d4a2013f099aed gdm-2.4.1.6-i386-1.tgz

Slackware -current package:
26459fb6dec7279fe4d80aba0b3ac4ff gdm-2.4.1.6-i486-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade using upgradepkg (as root):
upgradepkg gdm-2.4.1.6-i386-1.tgz



+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
 
Old 08-25-2003, 11:50 AM   #2
zsejk
Member
 
Registered: Apr 2003
Posts: 345
Blog Entries: 5

Rep: Reputation: 30
Thanks for the info phoeniX... I was indeed not on that mailing list (am now though ), so this came in handy.



-zsejk
 
Old 08-26-2003, 04:21 PM   #3
Astro
Member
Contributing Member
 
Registered: Jan 2003
Location: Albany, NY
Distribution: Slackware
Posts: 654

Rep: Reputation: 30
As far as I can tell this package screwed up my GDM and wouldn't let me load gnome with GDM anymore... I was testing out some Dropline stuff and upgraded the package and something must be different, someone might want to let dropline know about that.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't update security (apt-get) eeried Linux - Newbie 0 07-14-2004 03:50 PM
update security with apt-get waffe Debian 2 05-21-2004 08:37 PM
Slackware Security Update: unzip vulnerability patched phoeniXflame Slackware 5 08-26-2003 12:52 PM
Slackware Security Update: KDE packages updated phoeniXflame Slackware 2 08-04-2003 09:03 AM
Slackware Security Update: sudo trickykid Slackware 3 05-01-2002 10:31 PM


All times are GMT -5. The time now is 07:11 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration