dbus-glib is an add-on library to integrate the standard D-Bus library with
the GLib main loop and threading model.
A flaw was found in the way dbus-glib filtered the message sender (message
source subject) when the “NameOwnerChanged” signal was received. This
could trick a system service using dbus-glib (such as fprintd) into
believing a signal was sent from a privileged process, when it was not. A
local attacker could use this flaw to escalate their privileges.
(CVE-2013-0292)
All dbus-glib users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against dbus-glib, such as fprintd and NetworkManager, must be
restarted for this update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | ppc | dbus-glib | < 0.86-6.el6_4 | dbus-glib-0.86-6.el6_4.ppc.rpm |
RedHat | 5 | s390 | dbus-glib-debuginfo | < 0.73-11.el5_9 | dbus-glib-debuginfo-0.73-11.el5_9.s390.rpm |
RedHat | 5 | src | dbus-glib | < 0.73-11.el5_9 | dbus-glib-0.73-11.el5_9.src.rpm |
RedHat | 6 | i686 | dbus-glib-debuginfo | < 0.86-6.el6_4 | dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm |
RedHat | 5 | s390 | dbus-glib | < 0.73-11.el5_9 | dbus-glib-0.73-11.el5_9.s390.rpm |
RedHat | 6 | s390x | dbus-glib-debuginfo | < 0.86-6.el6_4 | dbus-glib-debuginfo-0.86-6.el6_4.s390x.rpm |
RedHat | 6 | s390 | dbus-glib-debuginfo | < 0.86-6.el6_4 | dbus-glib-debuginfo-0.86-6.el6_4.s390.rpm |
RedHat | 6 | i686 | dbus-glib-devel | < 0.86-6.el6_4 | dbus-glib-devel-0.86-6.el6_4.i686.rpm |
RedHat | 6 | s390x | dbus-glib-devel | < 0.86-6.el6_4 | dbus-glib-devel-0.86-6.el6_4.s390x.rpm |
RedHat | 5 | ppc | dbus-glib-debuginfo | < 0.73-11.el5_9 | dbus-glib-debuginfo-0.73-11.el5_9.ppc.rpm |