DBus regressions

2012-10-04T00:00:00
ID USN-1576-2
Type ubuntu
Reporter Ubuntu
Modified 2012-10-04T00:00:00

Description

USN-1576-1 fixed vulnerabilities in DBus. The update caused a regression for certain services launched from the activation helper, and caused an unclean shutdown on upgrade. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges.