MGASA-2012-0282
Date: | October 6th, 2012 |
Affected releases: | 1, 2 |
Description:
Updated dbus packages fix security vulnerability:
It was discovered that the D-Bus library honored environment settings
even when running with elevated privileges. A local attacker could
possibly use this flaw to escalate their privileges, by setting specific
environment variables before running a setuid or setgid application
linked against the D-Bus library (libdbus) (CVE-2012-3524).
Updated Packages:
Mageia 1:
dbus-1.4.1-3.2.mga1
dbus-doc-1.4.1-3.2.mga1
dbus-x11-1.4.1-3.2.mga1
lib(64)dbus-1_3-1.4.1-3.2.mga1
lib(64)dbus-1-devel-1.4.1-3.2.mga1
Mageia 2:
dbus-1.4.16-5.1.mga2
dbus-x11-1.4.16-5.1.mga2
dbus-doc-1.4.16-5.1.mga2
lib(64)dbus-1-devel-1.4.16-5.1.mga2
lib(64)dbus-1_3-1.4.16-5.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3524
https://rhn.redhat.com/errata/RHSA-2012-1261.html
https://bugs.mageia.org/show_bug.cgi?id=7474