Summary: | <dev-libs/dbus-glib-0.100.2 : authentication bypass due to insufficient checks (CVE-2013-0292) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | teidakankan |
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://www.openwall.com/lists/oss-security/2013/02/15/10 | |
Whiteboard: | ?? [noglsa] | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-02-16 07:44:33 UTC
*** Bug 458144 has been marked as a duplicate of this bug. ***

Thanks, fixed by dbus-glib-0.100.1, which now needs to be stabilized everywhere.

+*dbus-glib-0.100.1 (19 Feb 2013) + + 19 Feb 2013; Alexandre Rostovtsev <tetromino@gentoo.org> + +dbus-glib-0.100.1.ebuild: + Bump, fixes authentication bypass (CVE-2013-0292, bug #457792).

Test and mark stable: =dev-libs/dbus-glib-0.100.2

amd64 stable

x86 stable

(In reply to comment #4)
> amd64 stable

(In reply to comment #5)
> x86 stable

You got wrong version, read Comment #3. Version .1 is buggy so we jump to .2.

(In reply to comment #6)
> (In reply to comment #4)
> > amd64 stable
>
> (In reply to comment #5)
> > x86 stable
>
> You got wrong version, read Comment #3. Version .1 is buggy so we jump to .2.

my bad, will be fixed asap.

x86 stable

amd64 stable

ppc stable

ppc64 stable

Stable for HPPA.

ia64 stable

arm stable

alpha stable

s390 stable

sparc stable

sh stable

CVE-2013-0292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0292): The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

Ready for vote. I vote NO, due to deprecation.

m68k: continued in bug 473190

GLSA vote: no

Closing as noglsa
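The sender check that the CVE-2013-0292 description above says was missing, shown as an added, self-contained model that is not dbus-glib's own code. The `signal_msg` and `owner_cache` types, the function names and the sample names are assumptions made for illustration; the bus daemon's name and object path are the ones defined by the D-Bus specification.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Bus daemon's name (also its interface name) and object path per the D-Bus spec. */
#define BUS_NAME "org.freedesktop.DBus"
#define BUS_PATH "/org/freedesktop/DBus"

/* Simplified stand-in for a received signal (hypothetical, not a libdbus type). */
struct signal_msg {
    const char *sender;    /* stamped by the bus daemon with the real origin */
    const char *path, *iface, *member;
    const char *name, *new_owner;   /* NameOwnerChanged arguments used here */
};

/* Cached owner of the single well-known name this client tracks. */
struct owner_cache { const char *name; char owner[64]; };

static bool eq(const char *a, const char *b) { return a && b && strcmp(a, b) == 0; }

/* True only for a NameOwnerChanged emitted by the bus daemon itself. */
bool is_genuine_name_owner_changed(const struct signal_msg *m)
{
    return eq(m->sender, BUS_NAME) && eq(m->path, BUS_PATH)
        && eq(m->iface, BUS_NAME) && eq(m->member, "NameOwnerChanged");
}

/* Update the cache from verified signals only; returns true if applied. */
bool filter_signal(struct owner_cache *c, const struct signal_msg *m)
{
    if (!is_genuine_name_owner_changed(m) || !eq(m->name, c->name) || !m->new_owner)
        return false;      /* spoofed or unrelated signal: cache left untouched */
    snprintf(c->owner, sizeof c->owner, "%s", m->new_owner);
    return true;
}

int main(void)
{
    /* Constructed sample data: the service name and unique names are made up. */
    struct owner_cache c = { "com.example.Service", ":1.7" };
    struct signal_msg spoofed = { ":1.42", BUS_PATH, BUS_NAME, "NameOwnerChanged",
                                  "com.example.Service", ":1.42" };
    struct signal_msg genuine = spoofed;
    genuine.sender = BUS_NAME;
    genuine.new_owner = ":1.9";
    printf("spoofed applied: %d, owner %s\n", filter_signal(&c, &spoofed), c.owner);
    printf("genuine applied: %d, owner %s\n", filter_signal(&c, &genuine), c.owner);
    return 0;
}
```

With libdbus, the equivalent checks on a real message are `dbus_message_is_signal()`, `dbus_message_has_sender()` and `dbus_message_has_path()`.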