[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2009:245 ] glib2.0



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:245
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : glib2.0
 Date    : September 24, 2009
 Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in glib2.0:
 
 The g_file_copy function in glib 2.0 sets the permissions of a
 target file to the permissions of a symbolic link (777), which
 allows user-assisted local users to modify files of other users,
 as demonstrated by using Nautilus to modify the permissions of the
 user home directory (CVE-2009-3289).
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3289
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 ae1c20e8d9112331477f1431f47158e2  
2008.1/i586/glib2.0-common-2.16.2-1.2mdv2008.1.i586.rpm
 fd14fb35d8a7b26ee2cae61e21136c06  
2008.1/i586/glib-gettextize-2.16.2-1.2mdv2008.1.i586.rpm
 84b497096a9a71555d3fd8d1f712c879  
2008.1/i586/libgio2.0_0-2.16.2-1.2mdv2008.1.i586.rpm
 de7c95da4c50e889da9c78941e3970ee  
2008.1/i586/libglib2.0_0-2.16.2-1.2mdv2008.1.i586.rpm
 2361590b32522048bcc190ea009eb419  
2008.1/i586/libglib2.0-devel-2.16.2-1.2mdv2008.1.i586.rpm 
 d184482ba568dccf84035c5b93755c49  
2008.1/SRPMS/glib2.0-2.16.2-1.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 907f731ab0bfbd5b4ddea8b52a401be3  
2008.1/x86_64/glib2.0-common-2.16.2-1.2mdv2008.1.x86_64.rpm
 c974d23646c611b4e0414da1236540ec  
2008.1/x86_64/glib-gettextize-2.16.2-1.2mdv2008.1.x86_64.rpm
 0192faa9b22c4a8e720683dd355b6711  
2008.1/x86_64/lib64gio2.0_0-2.16.2-1.2mdv2008.1.x86_64.rpm
 a3ef3597c55b264cddfab163248ad8a9  
2008.1/x86_64/lib64glib2.0_0-2.16.2-1.2mdv2008.1.x86_64.rpm
 892df1175f288fa14100aad9d6bce63d  
2008.1/x86_64/lib64glib2.0-devel-2.16.2-1.2mdv2008.1.x86_64.rpm 
 d184482ba568dccf84035c5b93755c49  
2008.1/SRPMS/glib2.0-2.16.2-1.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 2133c89664c7d752644230af6f28d397  
2009.0/i586/glib2.0-common-2.18.1-1.2mdv2009.0.i586.rpm
 58ef4dd4f636f35314f633a8249328c4  
2009.0/i586/glib-gettextize-2.18.1-1.2mdv2009.0.i586.rpm
 194d89e8844e1dc2e80bcb27a05bfcaa  
2009.0/i586/libgio2.0_0-2.18.1-1.2mdv2009.0.i586.rpm
 c5f6d66e26ffa64cb35418c2daf5d090  
2009.0/i586/libglib2.0_0-2.18.1-1.2mdv2009.0.i586.rpm
 bfd7c4003ef1ad91c137eefd55f35047  
2009.0/i586/libglib2.0-devel-2.18.1-1.2mdv2009.0.i586.rpm 
 37955dd7418fb7822cbdb7098cf2ea39  
2009.0/SRPMS/glib2.0-2.18.1-1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 2f1a001b5e54002a72b16cfd8fad3822  
2009.0/x86_64/glib2.0-common-2.18.1-1.2mdv2009.0.x86_64.rpm
 042458c3417c73c3ba76b6a93de5988d  
2009.0/x86_64/glib-gettextize-2.18.1-1.2mdv2009.0.x86_64.rpm
 529cd61cc5d548a6e19465fdaa1ce65f  
2009.0/x86_64/lib64gio2.0_0-2.18.1-1.2mdv2009.0.x86_64.rpm
 acbcba01934b850ae7aa699821fb5e65  
2009.0/x86_64/lib64glib2.0_0-2.18.1-1.2mdv2009.0.x86_64.rpm
 f72882f0dba8a21683ca131b64dd084e  
2009.0/x86_64/lib64glib2.0-devel-2.18.1-1.2mdv2009.0.x86_64.rpm 
 37955dd7418fb7822cbdb7098cf2ea39  
2009.0/SRPMS/glib2.0-2.18.1-1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 62fcdba32560bae021c1aaee8f893135  
2009.1/i586/glib2.0-common-2.20.1-1.1mdv2009.1.i586.rpm
 ef882c5f43b25c925cefcd4d0a003871  
2009.1/i586/glib-gettextize-2.20.1-1.1mdv2009.1.i586.rpm
 979d21c7ca8eef8bc81ab2588e899d0c  
2009.1/i586/libgio2.0_0-2.20.1-1.1mdv2009.1.i586.rpm
 67cd61d9d06b4a19c3c4d5377dfadf01  
2009.1/i586/libglib2.0_0-2.20.1-1.1mdv2009.1.i586.rpm
 96c2b24ac048e13cf93c61c73ac9bbcf  
2009.1/i586/libglib2.0-devel-2.20.1-1.1mdv2009.1.i586.rpm 
 8f909b3e5122784881a84ea94cf0443d  
2009.1/SRPMS/glib2.0-2.20.1-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 637690f302da59aa5a13470898281056  
2009.1/x86_64/glib2.0-common-2.20.1-1.1mdv2009.1.x86_64.rpm
 ed01dca71724f9a299964f6edf59c86b  
2009.1/x86_64/glib-gettextize-2.20.1-1.1mdv2009.1.x86_64.rpm
 2a3ddb7c73e78abd6bd15fd7c829d971  
2009.1/x86_64/lib64gio2.0_0-2.20.1-1.1mdv2009.1.x86_64.rpm
 a44e47d08bdca6e674914df2262f6c77  
2009.1/x86_64/lib64glib2.0_0-2.20.1-1.1mdv2009.1.x86_64.rpm
 7ad51363e921eed94a0a1710a3cabdcd  
2009.1/x86_64/lib64glib2.0-devel-2.20.1-1.1mdv2009.1.x86_64.rpm 
 8f909b3e5122784881a84ea94cf0443d  
2009.1/SRPMS/glib2.0-2.20.1-1.1mdv2009.1.src.rpm

 Mandriva Enterprise Server 5:
 01450569f510200a6a18e0b11a5360e2  
mes5/i586/glib2.0-common-2.18.1-1.2mdvmes5.i586.rpm
 f72db45f7da3fbfde0e42ee38fa131ea  
mes5/i586/glib-gettextize-2.18.1-1.2mdvmes5.i586.rpm
 93e7fd1becd3a58b7accd21b4fe47691  
mes5/i586/libgio2.0_0-2.18.1-1.2mdvmes5.i586.rpm
 fe0b723bb741cd748b3763300e06525f  
mes5/i586/libglib2.0_0-2.18.1-1.2mdvmes5.i586.rpm
 1918d153e32f3817079cfd55eabbc45d  
mes5/i586/libglib2.0-devel-2.18.1-1.2mdvmes5.i586.rpm 
 429eb4dc41a60f541dc25d3a58b5a16a  mes5/SRPMS/glib2.0-2.18.1-1.2mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 ff56e85b39fbc52791cbbaccda8da9ad  
mes5/x86_64/glib2.0-common-2.18.1-1.2mdvmes5.x86_64.rpm
 3b4dbdd21a6b278b58d18f4653139913  
mes5/x86_64/glib-gettextize-2.18.1-1.2mdvmes5.x86_64.rpm
 406d2832060188af668adee3e20d361a  
mes5/x86_64/lib64gio2.0_0-2.18.1-1.2mdvmes5.x86_64.rpm
 824900021d2e4cff1075f8810a398aa5  
mes5/x86_64/lib64glib2.0_0-2.18.1-1.2mdvmes5.x86_64.rpm
 ce39c721b0d676865af49afd8acf2154  
mes5/x86_64/lib64glib2.0-devel-2.18.1-1.2mdvmes5.x86_64.rpm 
 429eb4dc41a60f541dc25d3a58b5a16a  mes5/SRPMS/glib2.0-2.18.1-1.2mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKu0thmqjQ0CJFipgRAsTcAKCZ1SX8iSD9PaX0xiD1dBHb9BU2BgCg2VZS
a+AVv7uHtHqlcEuzMoRta0A=
=DG/m
-----END PGP SIGNATURE-----