Описание
ELSA-2012-1284: spice-gtk security update (MODERATE)
[0.11-11.el6_3.1]
- Fix version for Z-stream Related: rhbz#854823
[0.11-12]
- Add patch fixing CVE-2012-3524 Resolves: rhbz#854823
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
spice-glib
0.11-11.el6_3.1
spice-glib-devel
0.11-11.el6_3.1
spice-gtk
0.11-11.el6_3.1
spice-gtk-devel
0.11-11.el6_3.1
spice-gtk-python
0.11-11.el6_3.1
spice-gtk-tools
0.11-11.el6_3.1
Oracle Linux i686
spice-glib
0.11-11.el6_3.1
spice-glib-devel
0.11-11.el6_3.1
spice-gtk
0.11-11.el6_3.1
spice-gtk-devel
0.11-11.el6_3.1
spice-gtk-python
0.11-11.el6_3.1
spice-gtk-tools
0.11-11.el6_3.1
Связанные CVE
Связанные уязвимости
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
libgio, when used in setuid or other privileged programs in spice-gtk ...
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.