Synopsis: Important: gdm security update
Advisory ID: SLSA-2013:1213-1
Issue Date: 2013-09-05
CVE Numbers: CVE-2013-4169
A race condition was found in the way GDM handled the X server sockets
directory located in the system temporary directory. An unprivileged user
could use this flaw to perform a symbolic link attack, giving them write
access to any file, allowing them to escalate their privileges to root.
Note that this erratum includes an updated initscripts package. To fix
CVE-2013-4169, the vulnerable code was removed from GDM and the
initscripts package was modified to create the affected directory safely
during the system boot process. Therefore, this update will appear on all
systems, however systems without GDM installed are not affected by this
The system must be rebooted for this update to take effect.
– Scientific Linux Development Team