Package name: glib2.0
Date: 2013-04-09
Advisory ID: MDVSA-2013:083
Affected versions: MBS1 x86_64

Problem description

Updated glib2.0 packages fix a security vulnerability:

It was discovered that the version of glib shipped with MBS 1 does
not sanitise certain DBUS-related environment variables. When used
in combination with a setuid application which utilises dbus via
glib, a local user could gain escalated privileges with a specially
crafted environment. This is related to a similar issue with dbus
(CVE-2012-3524).

This updated version of glib adds appropriate protection against
such scenarios and adds further hardening when used in a
setuid environment.
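
A setuid program can apply the same kind of protection itself by discarding D-Bus variables from an untrusted environment before any library reads them. The C code below is an added example, not the glib patch or code from this advisory; the `DBUS_` prefix match, the function names and the `force` parameter are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Nonzero when real and effective IDs differ (setuid/setgid binary),
 * i.e. the environment was supplied by a less privileged invoker. */
int running_setid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Drop every entry whose name starts with `prefix` by compacting environ
 * in place. Unlike a single lookup-and-delete, this also removes duplicate
 * entries for the same name. Returns the number of entries removed. */
int scrub_env_prefix(const char *prefix)
{
    size_t plen = strlen(prefix);
    int removed = 0;
    char **src, **dst;

    if (environ == NULL)
        return 0;
    for (src = dst = environ; *src != NULL; src++) {
        if (strncmp(*src, prefix, plen) == 0)
            removed++;
        else
            *dst++ = *src;
    }
    *dst = NULL;
    return removed;
}

/* Call at the top of main(), before any library reads the environment.
 * `force` (hypothetical knob) scrubs even when not setuid, for testing. */
int harden_dbus_env(int force)
{
    if (!force && !running_setid())
        return 0;
    return scrub_env_prefix("DBUS_");   /* assumed prefix, see lead-in */
}

int main(void)
{
    printf("removed %d DBUS_ variables\n", harden_dbus_env(0));
    return 0;
}
```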

Updated packages

MBS1 x86_64

 de4094c18ae9b4513078d4ef000dd875  mbs1/x86_64/glib2.0-common-2.32.4-1.mbs1.x86_64.rpm
 b2e1e347ae6d793ecb2dc9c7c980413b  mbs1/x86_64/glib-gettextize-2.32.4-1.mbs1.x86_64.rpm
 b7973bd0af7715153573f254fe888ff3  mbs1/x86_64/lib64gio2.0_0-2.32.4-1.mbs1.x86_64.rpm
 06abc13fc1fefa27501416cd78a2daca  mbs1/x86_64/lib64glib2.0_0-2.32.4-1.mbs1.x86_64.rpm
 5a264af58cd6398813766213b3f644d8  mbs1/x86_64/lib64glib2.0-devel-2.32.4-1.mbs1.x86_64.rpm
 513ab313c25d170152de83ae5cf9a403  mbs1/x86_64/lib64glib2.0-static-devel-2.32.4-1.mbs1.x86_64.rpm
 5f1a72a5c8fecf94e5ff9d176ef79e7f  mbs1/SRPMS/glib2.0-2.32.4-1.mbs1.src.rpm
