Package name
dbus
Date
2013-04-08
Advisory ID
MDVSA-2013:070
Affected versions
MBS1 x86_64

Problem description

Updated dbus packages fix security vulnerability:

It was discovered that the D-Bus library honored environment settings
even when running with elevated privileges. A local attacker could
possibly use this flaw to escalate their privileges, by setting
specific environment variables before running a setuid or setgid
application linked against the D-Bus library (libdbus) (CVE-2012-3524).

Updated packages

MBS1 x86_64

 aa22d5b5aa42a0ae2d4d6d386d2ced8f  mbs1/x86_64/dbus-1.4.16-6.1.mbs1.x86_64.rpm
 aaa51efd33c5e8ae5d8a03ce92e39af8  mbs1/x86_64/dbus-doc-1.4.16-6.1.mbs1.x86_64.rpm
 3b041f317d9fd9a4d1233aa8b30b660c  mbs1/x86_64/dbus-x11-1.4.16-6.1.mbs1.x86_64.rpm
 2f81ac45a97ebfada7f7aa3b028887fc  mbs1/x86_64/lib64dbus-1_3-1.4.16-6.1.mbs1.x86_64.rpm
 772aef1caec3c44749195326b3354a7c  mbs1/x86_64/lib64dbus-1-devel-1.4.16-6.1.mbs1.x86_64.rpm 
 49cd426eeb1e76601536866811fc4bad  mbs1/SRPMS/dbus-1.4.16-6.1.mbs1.src.rpm

References