Bug 239818 (CVE-2009-2697)
| Summary: | CVE-2009-2697 gdm not built with tcp_wrappers | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Radek Vokál <rvokal> |
| Component: | vulnerability | Assignee: | Ray Strode [halfline] <rstrode> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | alanm, bressers, llim, mjc, tao, vdanen |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-09-02 11:28:30 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?". I'll need the 5.3 flag cleared. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-1364.html |
Description of problem: gdm used to be built with tcp_wrappers on previous RHEL releases, although the BuildRequires was missing there as well. The tcp_wrappers package just happened to appear in the buildroot. I believe it's nice to be able to limit XDMCP connections using hosts.{allow,deny}. Version-Release number of selected component (if applicable): gdm-2.16.0-30.el5 Additional info: If you're going to fix this, don't forget that bug 181302 applies here as well.