Security update for gdm2
Knowledgebase
(Last modified: 18AUG2003)
solutions Security update for gdm2 SuSE Linux Maintenance Web (3aa6844b8b167793ea311c09bf8d62f0)
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM S/390 and IBM zSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Openexchange Server 4
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Desktop 1.0
Package: gdm2
Release: 20030818
Obsoletes: none
The next problem is caused by a missing "continue" statement in a loop, which leads to a structure being used right after being freed from memory. This situation can happen if the chosen host is not responding while the client keeps trying new indirect queries. This patch adds the missing "continue" statement.
Another problem was caused by not checking the length of the authorization data string first, before checking it with strncmp. If the data is less then 18 bytes long then the daemon may wander off the end of the string a few bytes in the strncmp perhaps causing a SEGV. This patch adds a check for the length of the string before checking it with strncmp.
rpm -Uvh gdm2.rpm
Download Source Packages
Download the source code of the patches for maintained products.
Disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.