MGASA-2012-0278
Date: | September 30th, 2012 |
Affected releases: | 2 |
Description:
Updated spice-gtk packages fix security vulnerability:
It was discovered that the spice-gtk setuid helper application,
spice-client-glib-usb-acl-helper, did not clear the environment
variables read by the libraries it uses. A local attacker could
possibly use this flaw to escalate their privileges by setting
specific environment variables before running the helper
application (CVE-2012-4425).
Updated Packages:
spice-gtk-0.9-1.1.mga2
lib(64)spice-client-glib2.0_1-0.9-1.1.mga2
lib(64)spice-client-glib-gir2.0-0.9-1.1.mga2
lib(64)spice-client-gtk3.0_1-0.9-1.1.mga2
lib(64)spice-client-gtk-gir3.0-0.9-1.1.mga2
lib(64)spice-controller0-0.9-1.1.mga2
lib(64)spice-gtk-devel-0.9-1.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4425
https://rhn.redhat.com/errata/RHSA-2012-1284.html
https://bugs.mageia.org/show_bug.cgi?id=7536