- Vulnerability/
- RHSA-2010:0616
RHSA-2010:0616: Moderate: dbus-glib security update
First published: Tue Aug 10 2010(Updated: )
dbus-glib is an add-on library to integrate the standard D-Bus library with<br>the GLib main loop and threading model. NetworkManager is a network link<br>manager that attempts to keep a wired or wireless network connection active<br>at all times.<br>It was discovered that dbus-glib did not enforce the "access" flag on<br>exported GObject properties. If such a property were read/write internally<br>but specified as read-only externally, a malicious, local user could use<br>this flaw to modify that property of an application. Such a change could<br>impact the application's behavior (for example, if an IP address were<br>changed the network may not come up properly after reboot) and possibly<br>lead to a denial of service. (CVE-2010-1172)<br>Due to the way dbus-glib translates an application's XML definitions of<br>service interfaces and properties into C code at application build time,<br>applications built against dbus-glib that use read-only properties needed<br>to be rebuilt to fully fix the flaw. As such, this update provides<br>NetworkManager packages that have been rebuilt against the updated<br>dbus-glib packages. No other applications shipped with Red Hat Enterprise<br>Linux 5 were affected.<br>All dbus-glib and NetworkManager users are advised to upgrade to these<br>updated packages, which contain a backported patch to correct this issue.<br>Running instances of NetworkManager must be restarted (service<br>NetworkManager restart) for this update to take effect.<br>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/dbus-glib | <0.73-10.el5_5 | 0.73-10.el5_5 |
| redhat/dbus-glib | <0.73-10.el5_5 | 0.73-10.el5_5 |
| redhat/dbus-glib-devel | <0.73-10.el5_5 | 0.73-10.el5_5 |
| redhat/dbus-glib-devel | <0.73-10.el5_5 | 0.73-10.el5_5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2010:0616
- agent/software-canonical-lookup
- package-manager/redhat