Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2009:245 ] glib2.0

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1253800290-13155-2008

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:245

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : glib2.0

Date : September 24, 2009

Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0

_______________________________________________________________________

 

Problem Description:

 

A vulnerability was discovered and corrected in glib2.0:

 

The g_file_copy function in glib 2.0 sets the permissions of a

target file to the permissions of a symbolic link (777), which

allows user-assisted local users to modify files of other users,

as demonstrated by using Nautilus to modify the permissions of the

user home directory (CVE-2009-3289).

 

This update provides a solution to this vulnerability.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3289

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.1:

ae1c20e8d9112331477f1431f47158e2 2008.1/i586/glib2.0-common-2.16.2-1.2mdv2008.1.i586.rpm

fd14fb35d8a7b26ee2cae61e21136c06 2008.1/i586/glib-gettextize-2.16.2-1.2mdv2008.1.i586.rpm

84b497096a9a71555d3fd8d1f712c879 2008.1/i586/libgio2.0_0-2.16.2-1.2mdv2008.1.i586.rpm

de7c95da4c50e889da9c78941e3970ee 2008.1/i586/libglib2.0_0-2.16.2-1.2mdv2008.1.i586.rpm

2361590b32522048bcc190ea009eb419 2008.1/i586/libglib2.0-devel-2.16.2-1.2mdv2008.1.i586.rpm

d184482ba568dccf84035c5b93755c49 2008.1/SRPMS/glib2.0-2.16.2-1.2mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

907f731ab0bfbd5b4ddea8b52a401be3 2008.1/x86_64/glib2.0-common-2.16.2-1.2mdv2008.1.x86_64.rpm

c974d23646c611b4e0414da1236540ec 2008.1/x86_64/glib-gettextize-2.16.2-1.2mdv2008.1.x86_64.rpm

0192faa9b22c4a8e720683dd355b6711 2008.1/x86_64/lib64gio2.0_0-2.16.2-1.2mdv2008.1.x86_64.rpm

a3ef3597c55b264cddfab163248ad8a9 2008.1/x86_64/lib64glib2.0_0-2.16.2-1.2mdv2008.1.x86_64.rpm

892df1175f288fa14100aad9d6bce63d 2008.1/x86_64/lib64glib2.0-devel-2.16.2-1.2mdv2008.1.x86_64.rpm

d184482ba568dccf84035c5b93755c49 2008.1/SRPMS/glib2.0-2.16.2-1.2mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

2133c89664c7d752644230af6f28d397 2009.0/i586/glib2.0-common-2.18.1-1.2mdv2009.0.i586.rpm

58ef4dd4f636f35314f633a8249328c4 2009.0/i586/glib-gettextize-2.18.1-1.2mdv2009.0.i586.rpm

194d89e8844e1dc2e80bcb27a05bfcaa 2009.0/i586/libgio2.0_0-2.18.1-1.2mdv2009.0.i586.rpm

c5f6d66e26ffa64cb35418c2daf5d090 2009.0/i586/libglib2.0_0-2.18.1-1.2mdv2009.0.i586.rpm

bfd7c4003ef1ad91c137eefd55f35047 2009.0/i586/libglib2.0-devel-2.18.1-1.2mdv2009.0.i586.rpm

37955dd7418fb7822cbdb7098cf2ea39 2009.0/SRPMS/glib2.0-2.18.1-1.2mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

2f1a001b5e54002a72b16cfd8fad3822 2009.0/x86_64/glib2.0-common-2.18.1-1.2mdv2009.0.x86_64.rpm

042458c3417c73c3ba76b6a93de5988d 2009.0/x86_64/glib-gettextize-2.18.1-1.2mdv2009.0.x86_64.rpm

529cd61cc5d548a6e19465fdaa1ce65f 2009.0/x86_64/lib64gio2.0_0-2.18.1-1.2mdv2009.0.x86_64.rpm

acbcba01934b850ae7aa699821fb5e65 2009.0/x86_64/lib64glib2.0_0-2.18.1-1.2mdv2009.0.x86_64.rpm

f72882f0dba8a21683ca131b64dd084e 2009.0/x86_64/lib64glib2.0-devel-2.18.1-1.2mdv2009.0.x86_64.rpm

37955dd7418fb7822cbdb7098cf2ea39 2009.0/SRPMS/glib2.0-2.18.1-1.2mdv2009.0.src.rpm

 

Mandriva Linux 2009.1:

62fcdba32560bae021c1aaee8f893135 2009.1/i586/glib2.0-common-2.20.1-1.1mdv2009.1.i586.rpm

ef882c5f43b25c925cefcd4d0a003871 2009.1/i586/glib-gettextize-2.20.1-1.1mdv2009.1.i586.rpm

979d21c7ca8eef8bc81ab2588e899d0c 2009.1/i586/libgio2.0_0-2.20.1-1.1mdv2009.1.i586.rpm

67cd61d9d06b4a19c3c4d5377dfadf01 2009.1/i586/libglib2.0_0-2.20.1-1.1mdv2009.1.i586.rpm

96c2b24ac048e13cf93c61c73ac9bbcf 2009.1/i586/libglib2.0-devel-2.20.1-1.1mdv2009.1.i586.rpm

8f909b3e5122784881a84ea94cf0443d 2009.1/SRPMS/glib2.0-2.20.1-1.1mdv2009.1.src.rpm

 

Mandriva Linux 2009.1/X86_64:

637690f302da59aa5a13470898281056 2009.1/x86_64/glib2.0-common-2.20.1-1.1mdv2009.1.x86_64.rpm

ed01dca71724f9a299964f6edf59c86b 2009.1/x86_64/glib-gettextize-2.20.1-1.1mdv2009.1.x86_64.rpm

2a3ddb7c73e78abd6bd15fd7c829d971 2009.1/x86_64/lib64gio2.0_0-2.20.1-1.1mdv2009.1.x86_64.rpm

a44e47d08bdca6e674914df2262f6c77 2009.1/x86_64/lib64glib2.0_0-2.20.1-1.1mdv2009.1.x86_64.rpm

7ad51363e921eed94a0a1710a3cabdcd 2009.1/x86_64/lib64glib2.0-devel-2.20.1-1.1mdv2009.1.x86_64.rpm

8f909b3e5122784881a84ea94cf0443d 2009.1/SRPMS/glib2.0-2.20.1-1.1mdv2009.1.src.rpm

 

Mandriva Enterprise Server 5:

01450569f510200a6a18e0b11a5360e2 mes5/i586/glib2.0-common-2.18.1-1.2mdvmes5.i586.rpm

f72db45f7da3fbfde0e42ee38fa131ea mes5/i586/glib-gettextize-2.18.1-1.2mdvmes5.i586.rpm

93e7fd1becd3a58b7accd21b4fe47691 mes5/i586/libgio2.0_0-2.18.1-1.2mdvmes5.i586.rpm

fe0b723bb741cd748b3763300e06525f mes5/i586/libglib2.0_0-2.18.1-1.2mdvmes5.i586.rpm

1918d153e32f3817079cfd55eabbc45d mes5/i586/libglib2.0-devel-2.18.1-1.2mdvmes5.i586.rpm

429eb4dc41a60f541dc25d3a58b5a16a mes5/SRPMS/glib2.0-2.18.1-1.2mdvmes5.src.rpm

 

Mandriva Enterprise Server 5/X86_64:

ff56e85b39fbc52791cbbaccda8da9ad mes5/x86_64/glib2.0-common-2.18.1-1.2mdvmes5.x86_64.rpm

3b4dbdd21a6b278b58d18f4653139913 mes5/x86_64/glib-gettextize-2.18.1-1.2mdvmes5.x86_64.rpm

406d2832060188af668adee3e20d361a mes5/x86_64/lib64gio2.0_0-2.18.1-1.2mdvmes5.x86_64.rpm

824900021d2e4cff1075f8810a398aa5 mes5/x86_64/lib64glib2.0_0-2.18.1-1.2mdvmes5.x86_64.rpm

ce39c721b0d676865af49afd8acf2154 mes5/x86_64/lib64glib2.0-devel-2.18.1-1.2mdvmes5.x86_64.rpm

429eb4dc41a60f541dc25d3a58b5a16a mes5/SRPMS/glib2.0-2.18.1-1.2mdvmes5.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFKu0thmqjQ0CJFipgRAsTcAKCZ1SX8iSD9PaX0xiD1dBHb9BU2BgCg2VZS

a+AVv7uHtHqlcEuzMoRta0A=

=DG/m

-----END PGP SIGNATURE-----

 

 

------------=_1253800290-13155-2008

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1253800290-13155-2008--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×