See URL; "Even when DisplayManager.requestPort is set to 0, xdm will open a chooserFd tcp socket on all interfaces. This apparently cannot be disabled by configuration and presents a possible security risk." Note that this issue does not affect upstream XFree86 4.3.0 but affects the versions shipped with Fedora Core 1 and 2 which contained a backported patch that contains the flaw. CAN-2004-0419 Affects: FC1 CAN-2004-0419 Affects: FC2 This issue is minor severity as xdm is not used by default.
This can be closed once erratum is released.