openSUSE Security Update : xdm (openSUSE-SU-2013:1117-1)
Medium Nessus Plugin ID 75068
SynopsisThe remote openSUSE host is missing a security update.
Descriptionxdm was updated on crypt() NULL pointer crashes :
- Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL (w/ NULL return) if the salt violates specifications. Additionally, on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords passed to crypt() fail with EPERM (w/ NULL return). If using glibc's crypt(), check return value to avoid a possible NULL pointer dereference. (bnc#824884) (CVE-2013-2179)
SolutionUpdate the affected xdm packages.