Mandriva Linux Security Advisory : glib2.0 (MDVSA-2013:083)
Medium Nessus Plugin ID 66097
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated glib2.0 packages fix security vulnerability :
It was discovered that the version of glib shipped with MBS 1 does not sanitise certain DBUS related environment variables. When used in combination with a setuid application which utilises dbus via glib, a local user could gain escalated privileges with a specially crafted environment. This is related to a similar issue with dbus (CVE-2012-3524).
This updated version of glib adds appropriate protection against such scenarios and also adds additional hardening when used in a setuid environment.
SolutionUpdate the affected packages.