ELSA-2013-0568 -- Oracle dbus-glibID: oval:org.secpod.oval:def:1500044 | Date: (C)2013-03-20 (M)2023-12-07 |
Class: PATCH | Family: unix |
Updated dbus-glib packages that fix one security issue are now availablefor Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from theCVE link in the References section. dbus-glib is an add-on library to integrate the standard D-Bus library withthe GLib main loop and threading model.A flaw was found in the way dbus-glib filtered the message sender when the "NameOwnerChanged" signal was received. Thiscould trick a system service using dbus-glib intobelieving a signal was sent from a privileged process, when it was not. Alocal attacker could use this flaw to escalate their privileges.All dbus-glib users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. All running applicationslinked against dbus-glib, such as fprintd and NetworkManager, must berestarted for this update to take effect.