[Pkg-utopia-maintainers] Bug#700638: CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1
Simon McVittie
smcv at debian.org
Fri Feb 15 17:44:49 UTC 2013
Package: libdbus-glib-1-2
Version: 0.100-1
Severity: critical
Tags: upstream patch security
Justification: root security hole
Control: fixed -1 0.100.1-1
Sebastian Krahmer discovered and published an authentication bypass
vulnerability in pam_fprintd, caused by a bug in dbus-glib. It is
possible that other users of dbus-glib can be exploited in the same
way. CVE-2013-0292 has been allocated for this vulnerability.

I've just released 0.100.1 upstream and uploaded it to unstable: fixing
this was the only change.

pam_fprintd is not present in stable or oldstable, but I'll check whether
this bug was present in those versions of dbus-glib, in case there are other
exploitation vectors.

S
-- System Information:
Debian Release: 7.0
APT prefers testing-proposed-updates
APT policy: (500, 'testing-proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libdbus-glib-1-2 depends on:
ii libc6 2.13-38
ii libdbus-1-3 1.6.8-1
ii libglib2.0-0 2.33.12+really2.32.4-5
ii multiarch-support 2.13-38
libdbus-glib-1-2 recommends no packages.
libdbus-glib-1-2 suggests no packages.
-- no debconf information