Synopsis: Moderate: dbus security update
Issue Date: 2012-09-13
CVE Numbers: CVE-2012-3524
—
It was discovered that the D-Bus library honored environment settings even
when running with elevated privileges. A local attacker could possibly use
this flaw to escalate their privileges, by setting specific environment
variables before running a setuid or setgid application linked against the
D-Bus library (libdbus). (CVE-2012-3524)

Note: With this update, libdbus ignores environment variables when used by
setuid or setgid applications. The environment is not ignored when an
application gains privileges via file system capabilities; however, no
application shipped in Scientific Linux 6 gains privileges via file
system capabilities.

For the update to take effect, all running instances of dbus-daemon and
all running applications using the libdbus library must be restarted,
or the system rebooted.
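
One way to check the restart requirement above, as an added example that is not part of the original advisory: the function scans /proc for processes that still map a libdbus-1 file that has since been replaced on disk. The function names, the proc_root parameter and the sample tree are assumptions made for illustration, and the sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): list processes that still map a
# libdbus-1 shared object whose file has been replaced on disk.

stale_libdbus_pids() {
    proc_root=${1:-/proc}           # overridable so a constructed tree can be scanned
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue  # other users' maps are unreadable unless root
        # The kernel appends " (deleted)" to a mapping once its file is unlinked,
        # which is what a package update does to the old library file.
        grep -Eq '/libdbus-1\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null || continue
        pid=${maps%/maps}; pid=${pid##*/}
        argv0=$(tr '\000' '\n' 2>/dev/null < "$proc_root/$pid/cmdline" | head -n 1)
        printf '%s %s\n' "$pid" "${argv0:-?}"
    done
}

# Constructed sample: three fake /proc entries (addresses, inodes and PIDs
# are illustrative, not taken from a real host).
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir "$d/101" "$d/202" "$d/303"
    # 101: started before the update, still maps the old (unlinked) library
    printf 'dbus-daemon\000--system\000' > "$d/101/cmdline"
    printf '7f00-7f40 r-xp 00000000 fd:00 11 /lib64/libdbus-1.so.3 (deleted)\n' > "$d/101/maps"
    # 202: started after the update, maps the file currently on disk
    printf '/usr/bin/fresh\000' > "$d/202/cmdline"
    printf '7f00-7f40 r-xp 00000000 fd:00 12 /lib64/libdbus-1.so.3\n' > "$d/202/maps"
    # 303: maps a deleted file, but not libdbus
    printf '/bin/other\000' > "$d/303/cmdline"
    printf '7f00-7f40 r-xp 00000000 fd:00 13 /lib64/libc.so.6 (deleted)\n' > "$d/303/maps"
    echo "$d"
}

sample=$(make_sample_proc)
stale_libdbus_pids "$sample"        # on a real host: stale_libdbus_pids (no argument)
rm -rf "$sample"
```

Run it as root with no argument to scan the live /proc; without root, only the caller's own processes are readable.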
—
SL6
x86_64
dbus-1.2.24-7.el6_3.x86_64.rpm
dbus-libs-1.2.24-7.el6_3.i686.rpm
dbus-libs-1.2.24-7.el6_3.x86_64.rpm
dbus-x11-1.2.24-7.el6_3.x86_64.rpm
dbus-devel-1.2.24-7.el6_3.i686.rpm
dbus-devel-1.2.24-7.el6_3.x86_64.rpm
i386
dbus-1.2.24-7.el6_3.i686.rpm
dbus-libs-1.2.24-7.el6_3.i686.rpm
dbus-x11-1.2.24-7.el6_3.i686.rpm
dbus-devel-1.2.24-7.el6_3.i686.rpm
noarch
dbus-doc-1.2.24-7.el6_3.noarch.rpm
– Scientific Linux Development Team