DBus-GLib Exploit Closed in Ubuntu 12.10

Other three editions of Ubuntu were affected by this problem

  Ubuntu 12.10 desktop
On February 27, Canonical published in a security notice details about a DBus-GLib vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.

On February 27, Canonical published in a security notice details about a DBus-GLib vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.

According to Canonical, an attacker could have sent crafted input to applications, using Dbus-GLib, and could have possibly escalate privileges.

Sebastian Krahmer and Bastien Nocera discovered that DBus-GLib did not properly validate the message sender when the "NameOwnerChanged" signal was received. A local attacker could possibly use this issue to escalate their privileges.

The security flaws can be fixed if you upgrade your system(s) to the latest libdbus-glib-1-2 package, specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart will not be necessary to implement the changes.

Comments