Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » RHSA-2013:0568-02

Overview

Id RHSA-2013:0568-02
Name Red Hat 2013:0568-02 RHSA Important: dbus-glib security update for RHEL 5 x86
Vendor Name red_hat
Product None
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 26 Feb 2013 12:00:00

RHSA-2013:0568-02

Red Hat 2013:0568-02 RHSA Important: dbus-glib security update for RHEL 5 x86

Vendor Name

red_hat

Product

None

Released On

26 Feb 2013 12:00:00

Url

https://rhn.redhat.com/errata/RHSA-2013-0568.html

Description

LSAC(v2)
dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. A flaw was found in the way dbus-glib filtered the message sender (message source subject) when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib (such as fprintd) into believing a signal was sent from a privileged process, when it was not. A local attacker could use this flaw to escalate their privileges. (CVE-2013-0292) All dbus-glib users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against dbus-glib, such as fprintd and NetworkManager, must be restarted for this update to take effect.

Related Resources

Related Vulnerabilities

CVE-2013-0292  

Related Patches

None

Superseded Patches

None


Last Updated: 27 May 2016 11:16:49