(RHSA-2013:0568) Important: dbus-glib security update

2013-02-26T05:00:00
ID RHSA-2013:0568
Type redhat
Reporter RedHat
Modified 2018-06-06T20:24:36

Description

dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model.

A flaw was found in the way dbus-glib filtered the message sender (message source subject) when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib (such as fprintd) into believing a signal was sent from a privileged process, when it was not. A local attacker could use this flaw to escalate their privileges. (CVE-2013-0292)

All dbus-glib users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against dbus-glib, such as fprintd and NetworkManager, must be restarted for this update to take effect.