Oval Definition:oval:com.redhat.rhsa:def:20130568
Revision Date:2013-02-26Version:637
Title:RHSA-2013:0568: dbus-glib security update (Important)
Description:dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model.

  • A flaw was found in the way dbus-glib filtered the message sender (message source subject) when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib (such as fprintd) into believing a signal was sent from a privileged process, when it was not. A local attacker could use this flaw to escalate their privileges. (CVE-2013-0292)

    All dbus-glib users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against dbus-glib, such as fprintd and NetworkManager, must be restarted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2013-0292
    CVE-2013-0292
    RHSA-2013:0568
    RHSA-2013:0568-03
    RHSA-2013:0568-03
    Platform(s):Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • dbus-glib is earlier than 0:0.73-11.el5_9
  • AND dbus-glib is signed with Red Hat redhatrelease2 key
  • dbus-glib-devel is earlier than 0:0.73-11.el5_9
  • AND dbus-glib-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • dbus-glib is earlier than 0:0.86-6.el6_4
  • AND dbus-glib is signed with Red Hat redhatrelease2 key
  • dbus-glib-devel is earlier than 0:0.86-6.el6_4
  • AND dbus-glib-devel is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • AND
  • dbus-glib is earlier than 0:0.86-6.el6_4
  • AND dbus-glib is signed with Red Hat redhatrelease2 key
  • dbus-glib-devel is earlier than 0:0.86-6.el6_4
  • AND dbus-glib-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • dbus-glib is earlier than 0:0.73-11.el5_9
  • AND dbus-glib is signed with Red Hat redhatrelease key
  • dbus-glib-devel is earlier than 0:0.73-11.el5_9
  • AND dbus-glib-devel is signed with Red Hat redhatrelease key
    • BACK