From Mageia wiki
Revision as of 13:38, 6 October 2012 by Tmb (talk | contribs) (Created page with "== MGASA-2012-0282 == {| |'''Date:''' |October 6th, 2012 |- |'''Affected releases:''' |1, 2 |} '''Description:'''<br/> Updated dbus packages fix security vulnerability:<br/> ...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

MGASA-2012-0282

Date: October 6th, 2012
Affected releases: 1, 2


Description:
Updated dbus packages fix security vulnerability:

It was discovered that the D-Bus library honored environment settings
even when running with elevated privileges. A local attacker could
possibly use this flaw to escalate their privileges, by setting specific
environment variables before running a setuid or setgid application
linked against the D-Bus library (libdbus) (CVE-2012-3524).


Updated Packages:
Mageia 1:
dbus-1.4.1-3.2.mga1
dbus-doc-1.4.1-3.2.mga1
dbus-x11-1.4.1-3.2.mga1
lib(64)dbus-1_3-1.4.1-3.2.mga1
lib(64)dbus-1-devel-1.4.1-3.2.mga1

Mageia 2:
dbus-1.4.16-5.1.mga2
dbus-x11-1.4.16-5.1.mga2
dbus-doc-1.4.16-5.1.mga2
lib(64)dbus-1-devel-1.4.16-5.1.mga2
lib(64)dbus-1_3-1.4.16-5.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3524
https://rhn.redhat.com/errata/RHSA-2012-1261.html
https://bugs.mageia.org/show_bug.cgi?id=7474