[gdm-list] [security CVE-2006-6105] GDM2 2.16.4 (stable), the "securityfix" Release
- From: Brian Cameron <Brian Cameron Sun COM>
- To: gnome-announce-list gnome org, gdm-list gnome org
- Subject: [gdm-list] [security CVE-2006-6105] GDM2 2.16.4 (stable), the "securityfix" Release
- Date: Wed, 13 Dec 2006 13:14:22 -0600
(If you have no clue what GDM is, skip a few paragraphs down first)
The 2.16.4 release is a stable release of GDM with the following
new features. Note that this fixes the important security issue
listed below, so it is highly recommended to upgrade to the latest
2.8, 2.14, 2.16, or 2.17 version of GDM to address this issue.
- Fix for a recently reported security issue that has ID
CVE-2006-6105. This fixes a problem where a user can
enter strings like "%08x" into the gdmchooser "Add"j
host button and print out memory. This issue was introduced
into GDM 188.8.131.52. (Brian Cameron)
- Fix for TryExec check in gdmsession to make sure that any
arguments are not passed to g_find_program_in_path since
this causes the function to say it is not executable.
- Translation updates (Runa Bhattacharjee, Josep Puigdemont
i Casamaj\303\263, Laurent Dhima, I. Felix, David Lodge,
Ani Peter, Rajesh Ranjan, Clytie Siddall, Vincent van
Note: GDM2 was originally written by Martin K. Petersen <mkp mkp net>.
Much work has been done on GDM2 by George Lebl, and Brian Cameron
currently shares maintainership duties with the Queen of England.
Note2: If installing from the tarball do note that make install
overwrites most of the setup files, all except gdm.conf. It will
however save backups with the .orig extension first.
Note3: Note3 has been depracated ...
#endif /* GDM_DISABLE_DEPRECATED */
Online Documentation - http://www.gnome.org/projects/gdm/
Latest Stable - http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/
Latest Unstable - http://ftp.gnome.org/pub/GNOME/sources/gdm/2.17/
No RPM this time around BTW. Have fun. A spec file is included though,
so you can try:
rpmbuild -ta gdm-whatever.tar.gz
] [Thread Prev