(RHSA-2010:0616) Moderate: dbus-glib security update

dbus-glib is an add-on library to integrate the standard D-Bus library with
the GLib main loop and threading model. NetworkManager is a network link
manager that attempts to keep a wired or wireless network connection active
at all times.

It was discovered that dbus-glib did not enforce the “access” flag on
exported GObject properties. If such a property were read/write internally
but specified as read-only externally, a malicious, local user could use
this flaw to modify that property of an application. Such a change could
impact the application’s behavior (for example, if an IP address were
changed the network may not come up properly after reboot) and possibly
lead to a denial of service. (CVE-2010-1172)

Due to the way dbus-glib translates an application’s XML definitions of
service interfaces and properties into C code at application build time,
applications built against dbus-glib that use read-only properties needed
to be rebuilt to fully fix the flaw. As such, this update provides
NetworkManager packages that have been rebuilt against the updated
dbus-glib packages. No other applications shipped with Red Hat Enterprise
Linux 5 were affected.

All dbus-glib and NetworkManager users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
Running instances of NetworkManager must be restarted (service
NetworkManager restart) for this update to take effect.