MGASA-2012-0293
Date: October 14th, 2012
Affected releases: 2
Description:
Updated glib2.0 packages fix security vulnerability:
It was discovered that the version of glib shipped with Mageia 2 does
not sanitise certain DBUS related environment variables. When used in
combination with a setuid application which utilises dbus via glib, a
local user could gain escalated privileges with a specially crafted
environment. This is related to a similar issue with dbus.
(CVE-2012-3524)
This updated version of glib adds appropriate protection against such
scenarios and also adds additional hardening when used in a setuid
environment.
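
As an added illustration of the kind of protection described above (not code from glib, dbus or Mageia): a program that may run setuid can drop D-Bus related variables from its environment before any library reads them. It assumes Linux with glibc; treating every `DBUS_`-prefixed variable as untrusted is an assumption, since the advisory does not name the variables, and the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/auxv.h>
extern char **environ;

/* True when the exec was privileged (AT_SECURE) or real/effective ids differ. */
int running_privileged(void)
{
    return getauxval(AT_SECURE) || getuid() != geteuid() || getgid() != getegid();
}

/* Remove every variable whose name begins with prefix; returns how many. */
int scrub_env_prefix(const char *prefix)
{
    size_t plen = strlen(prefix);
    int removed = 0;
    char **e = environ;
    while (e != NULL && *e != NULL) {
        const char *eq = strchr(*e, '=');
        if (eq == NULL || strncmp(*e, prefix, plen) != 0) {
            e++;
            continue;
        }
        size_t nlen = (size_t)(eq - *e);
        char *name = malloc(nlen + 1);
        if (name == NULL) abort();      /* fail closed: never keep the variable */
        memcpy(name, *e, nlen);
        name[nlen] = '\0';
        if (unsetenv(name) != 0) abort();
        free(name);
        removed++;
        e = environ;                    /* unsetenv() shifts entries: rescan */
    }
    return removed;
}

/* Assumption: every DBUS_* variable is untrusted when running privileged. */
int sanitise_dbus_env(int privileged)
{
    return privileged ? scrub_env_prefix("DBUS_") : 0;
}

int main(void)
{
    sanitise_dbus_env(running_privileged());  /* call before any D-Bus use */
    return 0;
}
```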
Updated Packages:
glib2.0-common-2.32.4-1.1.mga2
glib-gettextize-2.32.4-1.1.mga2
lib(64)gio2.0_0-2.32.4-1.1.mga2
lib(64)glib2.0_0-2.32.4-1.1.mga2
lib(64)glib2.0-devel-2.32.4-1.1.mga2
lib(64)glib2.0-static-devel-2.32.4-1.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3524
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088257.html
https://bugs.mageia.org/show_bug.cgi?id=7595