From Mageia wiki
MGASA-2012-0159
| Date: | July 10th, 2012 |
| Affected releases: | 1, 2 |
Description:
This update fixes insecure getenv() usage in libgssglue, which could be
used under some circumstances by local attackers do gain root privileges.
(CVE-2011-2709)
Updated Packages:
Mageia 1:
lib(64)gssglue1-0.1-8.1.mga1
lib(64)gssglue-devel-0.1-8.1.mga1
Mageia 2:
lib(64)gssglue1-0.4-1.mga2
lib(64)gssglue-devel-0.4-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2709
http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00013.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082072.html
https://bugs.mageia.org/show_bug.cgi?id=6424
