Scientific Linux alert SL-dbus-20130228 (dbus-glib)
From: Pat Riehecky <riehecky@fnal.gov>
To: "SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" <SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV>
Subject: Security ERRATA Important: dbus-glib on SL5.x, SL6.x i386/x86_64
Date: Thu, 28 Feb 2013 16:21:06 -0600
Message-ID: <512FD852.5080109@fnal.gov>

Synopsis:    Important: dbus-glib security update
Issue Date:  2013-02-26
CVE Numbers: CVE-2013-0292
--

A flaw was found in the way dbus-glib filtered the message sender (message source subject) when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib (such as fprintd) into believing a signal was sent from a privileged process, when it was not. A local attacker could use this flaw to escalate their privileges. (CVE-2013-0292)

All running applications linked against dbus-glib, such as fprintd and NetworkManager, must be restarted for this update to take effect.
--

SL5
  x86_64
    dbus-glib-0.73-11.el5_9.i386.rpm
    dbus-glib-0.73-11.el5_9.x86_64.rpm
    dbus-glib-debuginfo-0.73-11.el5_9.i386.rpm
    dbus-glib-debuginfo-0.73-11.el5_9.x86_64.rpm
    dbus-glib-devel-0.73-11.el5_9.i386.rpm
    dbus-glib-devel-0.73-11.el5_9.x86_64.rpm
  i386
    dbus-glib-0.73-11.el5_9.i386.rpm
    dbus-glib-debuginfo-0.73-11.el5_9.i386.rpm
    dbus-glib-devel-0.73-11.el5_9.i386.rpm
SL6
  x86_64
    dbus-glib-0.86-6.el6_4.i686.rpm
    dbus-glib-0.86-6.el6_4.x86_64.rpm
    dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm
    dbus-glib-debuginfo-0.86-6.el6_4.x86_64.rpm
    dbus-glib-devel-0.86-6.el6_4.i686.rpm
    dbus-glib-devel-0.86-6.el6_4.x86_64.rpm
  i386
    dbus-glib-0.86-6.el6_4.i686.rpm
    dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm
    dbus-glib-devel-0.86-6.el6_4.i686.rpm

- Scientific Linux Development Team
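
One way to check the restart requirement stated in the advisory above, as an added example that is not part of the original message or of any Scientific Linux tooling: the shell function below lists processes whose memory map still references the replaced (unlinked) dbus-glib shared library. It assumes the library file is named libdbus-glib-1.so.*; the function names and the sample /proc tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still running the pre-update dbus-glib code.
# Assumption: the package's shared library is named libdbus-glib-1.so.*

# Print "PID NAME" for every process under PROC_ROOT (default /proc) whose
# maps file still references an unlinked copy of the library.
stale_dbus_glib_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue   # skips unreadable entries and no-match globs
        # After the update replaces the file, mappings of the old inode are
        # listed with a trailing " (deleted)".
        if grep -q 'libdbus-glib-1\.so.*(deleted)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            name="$(sed -n 's/^Name:[[:space:]]*//p' "$pid_dir/status" 2>/dev/null)"
            [ -n "$name" ] || name='?'
            printf '%s %s\n' "${pid_dir##*/}" "$name"
        fi
    done
}

# Constructed sample input: a fake /proc tree (PIDs and names are made up).
_add_proc() {  # _add_proc ROOT PID NAME MAPPED_PATH
    mkdir -p "$1/$2"
    printf 'Name:\t%s\nState:\tS (sleeping)\n' "$3" > "$1/$2/status"
    printf '7f3c1a200000-7f3c1a220000 r-xp 00000000 fd:00 131842 %s\n' "$4" \
        > "$1/$2/maps"
}

make_sample_proc() {
    root="$(mktemp -d)" || return 1
    lib=/usr/lib64/libdbus-glib-1.so.2.1.0
    _add_proc "$root" 812  fprintd        "$lib (deleted)"  # not yet restarted
    _add_proc "$root" 1500 NetworkManager "$lib (deleted)"  # not yet restarted
    _add_proc "$root" 1044 exampled       "$lib"            # restarted: current file
    _add_proc "$root" 2300 bash "/lib64/libc-2.12.so (deleted)"  # other library
    printf '%s\n' "$root"
}

sample="$(make_sample_proc)"
stale_dbus_glib_pids "$sample"   # lists 1500 NetworkManager and 812 fprintd
rm -rf "$sample"
```

On a live host, call stale_dbus_glib_pids with no argument as root so that other users' maps files are readable; an empty result after restarting the listed services means no process still maps the old library.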
