[gdm-list] [security CVE-2006-6105] GDM2 2.16.4 (stable), the "securityfix" Release


(If you have no clue what GDM is, skip a few paragraphs down first)

The 2.16.4 release is a stable release of GDM with the following
new features.  Note that this fixes the important security issue
listed below, so it is highly recommended to upgrade to the latest
2.8, 2.14, 2.16, or 2.17 version of GDM to address this issue.

- Fix for a recently reported security issue that has ID
  CVE-2006-6105.  This fixes a problem where a user can
  enter strings like "%08x" into the gdmchooser "Add"j
  host button and print out memory.  This issue was introduced
  into GDM (Brian Cameron)

- Fix for TryExec check in gdmsession to make sure that any
  arguments are not passed to g_find_program_in_path since
  this causes the function to say it is not executable.
  (Brian Cameron)

- Translation updates (Runa Bhattacharjee, Josep Puigdemont
  i Casamaj\303\263, Laurent Dhima, I. Felix, David Lodge,
  Ani Peter, Rajesh Ranjan, Clytie Siddall, Vincent van

Note:  GDM2 was originally written by Martin K. Petersen <mkp mkp net>.
Much work has been done on GDM2 by George Lebl, and Brian Cameron
currently shares maintainership duties with the Queen of England.

Note2:  If installing from the tarball do note that make install
overwrites most of the setup files, all except gdm.conf.  It will
however save backups with the .orig extension first.

Note3:  Note3 has been depracated ...


Online Documentation - http://www.gnome.org/projects/gdm/
Latest Stable        - http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/
Latest Unstable      - http://ftp.gnome.org/pub/GNOME/sources/gdm/2.17/

No RPM this time around BTW.  Have fun.  A spec file is included though,
so you can try:

  rpmbuild -ta gdm-whatever.tar.gz

Have fun,


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]