Package: gdm
Version: 2.14.5-1
Severity: important

Hi,

GDM versions 2.8, 2.12, 2.14, and 2.15 are susceptible to the security
fault listed under CVE reference ID CVE-2006-2452 which reads:

... when the "face browser" feature is enabled, allows local users to
access the "Configure Login Manager" functionality using their own password
instead of the root password, which can be leveraged to gain additional
privileges.

http://bugzilla.gnome.org/show_bug.cgi?id=343476
http://www.ubuntulinux.org/support/documentation/usn/usn-293-1

Please reference this CVE ID in any changelog that fixes this issue.

Thanks,
Micah

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-vserver-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages gdm depends on:
ii  adduser                    3.87          Add and remove users and groups
ii  debconf [debconf-2.0]      1.5.2         Debian configuration management sy
ii  gksu                       1.9.1-2       graphical frontend to su
ii  gnome-session              2.14.2-1      The GNOME 2 Session Manager
ii  ion3 [x-window-manager]    20060524-1    keyboard-friendly window manager w
ii  libart-2.0-2               2.3.17-1      Library of functions for 2D graphi
ii  libatk1.0-0                1.11.4-2      The ATK accessibility toolkit
ii  libattr1                   2.4.32-1      Extended attribute shared library
ii  libc6                      2.3.6-15      GNU C Library: Shared libraries
ii  libcairo2                  1.0.4-2       The Cairo 2D vector graphics libra
ii  libdmx1                    1:1.0.1-3     X11 Distributed Multihead extensio
ii  libfontconfig1             2.3.2-7       generic font configuration library
ii  libglade2-0                1:2.5.1-2     library to load .glade files at ru
ii  libglib2.0-0               2.10.3-1      The GLib library of C routines
ii  libgnomecanvas2-0          2.14.0-2      A powerful object-oriented display
ii  libgtk2.0-0                2.8.18-1      The GTK+ graphical user interface 
ii  libpam-modules             0.79-3.1      Pluggable Authentication Modules f
ii  libpam-runtime             0.79-3.1      Runtime support for the PAM librar
ii  libpam0g                   0.79-3.1      Pluggable Authentication Modules l
ii  libpango1.0-0              1.12.3-1      Layout and rendering of internatio
ii  libpopt0                   1.10-2        lib for parsing cmdline parameters
ii  librsvg2-2                 2.14.4-1      SAX-based renderer library for SVG
ii  librsvg2-common            2.14.4-1      SAX-based renderer library for SVG
ii  libselinux1                1.30-1        SELinux shared libraries
ii  libwrap0                   7.6.dbs-9     Wietse Venema's TCP wrappers libra
ii  libx11-6                   2:1.0.0-6     X11 client-side library
ii  libxau6                    1:1.0.0-3     X11 authorisation library
ii  libxcursor1                1.1.5.2-5     X cursor management library
ii  libxdmcp6                  1:1.0.0-4     X11 Display Manager Control Protoc
ii  libxext6                   1:1.0.0-4     X11 miscellaneous extension librar
ii  libxfixes3                 1:3.0.1.2-4   X11 miscellaneous 'fixes' extensio
ii  libxi6                     1:1.0.0-5     X11 Input extension library
ii  libxinerama1               1:1.0.1-4     X11 Xinerama extension library
ii  libxml2                    2.6.26.dfsg-1 GNOME XML library
ii  libxrandr2                 2:1.1.0.2-4   X11 RandR extension library
ii  libxrender1                1:0.9.0.2-4   X Rendering Extension client libra
ii  lsb-base                   3.1-10        Linux Standard Base 3.1 init scrip
ii  metacity [x-window-manager 1:2.14.5-1    A lightweight GTK2 based Window Ma
ii  rxvt-unicode-ml [x-termina 7.7-4         multi-lingual terminal emulator wi
ii  tilda [x-terminal-emulator 0.09.2-1      terminal with first person shooter
ii  twm [x-window-manager]     1:1.0.1-4     Tab window manager
ii  xbase-clients              1:7.1.ds-1.1  miscellaneous X clients
ii  xterm [x-terminal-emulator 210-3         X terminal emulator
ii  zlib1g                     1:1.2.3-12    compression library - runtime

Versions of packages gdm recommends:
ii  dialog                    1.0-20060221-1 Displays user-friendly dialog boxe
pn  gdm-themes                <none>         (no description available)
ii  whiptail                  0.52.2-4       Displays user-friendly dialog boxe
ii  zenity                    2.14.2-1       Display graphical dialog boxes fro

-- debconf information:
  gdm/daemon_name: /usr/bin/gdm
* shared/default-x-display-manager: gdm

