Mageia alert MGASA-2012-0153 (accountsservice) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0153: accountsservice-0.6.14-2.1.mga2
 (2/core) 
Date:
    	       Tue, 10 Jul 2012 01:54:58 +0200
Message-ID:
    	       <20120709235458.GA22829@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2012-0153
Date: 	July 10th, 2012
Affected releases: 	2


Description:
Updated accountsservice packages fix security vulnerability:

Florian Weimer discovered that AccountsService incorrectly handled
privileges when copying certain files to the system cache directory.
A local attacker could exploit this issue to read arbitrary files,
bypassing intended permissions (CVE-2012-2737).


Updated Packages:
accountsservice-0.6.14-2.1.mga2
lib(64)accountsservice0-0.6.14-2.1.mga2
lib(64)accountsservice-devel-0.6.14-2.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2737
http://www.ubuntu.com/usn/usn-1485-1/
https://bugs.mageia.org/show_bug.cgi?id=6626
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)