Mandriva Linux Security Advisory 2009-245 - The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. This update provides a solution to this vulnerability.
b7303f77179201e87765e107657cd61646d6660cc3ab11a9bd0f445dc8c4fed0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:245
http://www.mandriva.com/security/
_______________________________________________________________________
Package : glib2.0
Date : September 24, 2009
Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in glib2.0:
The g_file_copy function in glib 2.0 sets the permissions of a
target file to the permissions of a symbolic link (777), which
allows user-assisted local users to modify files of other users,
as demonstrated by using Nautilus to modify the permissions of the
user home directory (CVE-2009-3289).
This update provides a solution to this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3289
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
ae1c20e8d9112331477f1431f47158e2 2008.1/i586/glib2.0-common-2.16.2-1.2mdv2008.1.i586.rpm
fd14fb35d8a7b26ee2cae61e21136c06 2008.1/i586/glib-gettextize-2.16.2-1.2mdv2008.1.i586.rpm
84b497096a9a71555d3fd8d1f712c879 2008.1/i586/libgio2.0_0-2.16.2-1.2mdv2008.1.i586.rpm
de7c95da4c50e889da9c78941e3970ee 2008.1/i586/libglib2.0_0-2.16.2-1.2mdv2008.1.i586.rpm
2361590b32522048bcc190ea009eb419 2008.1/i586/libglib2.0-devel-2.16.2-1.2mdv2008.1.i586.rpm
d184482ba568dccf84035c5b93755c49 2008.1/SRPMS/glib2.0-2.16.2-1.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
907f731ab0bfbd5b4ddea8b52a401be3 2008.1/x86_64/glib2.0-common-2.16.2-1.2mdv2008.1.x86_64.rpm
c974d23646c611b4e0414da1236540ec 2008.1/x86_64/glib-gettextize-2.16.2-1.2mdv2008.1.x86_64.rpm
0192faa9b22c4a8e720683dd355b6711 2008.1/x86_64/lib64gio2.0_0-2.16.2-1.2mdv2008.1.x86_64.rpm
a3ef3597c55b264cddfab163248ad8a9 2008.1/x86_64/lib64glib2.0_0-2.16.2-1.2mdv2008.1.x86_64.rpm
892df1175f288fa14100aad9d6bce63d 2008.1/x86_64/lib64glib2.0-devel-2.16.2-1.2mdv2008.1.x86_64.rpm
d184482ba568dccf84035c5b93755c49 2008.1/SRPMS/glib2.0-2.16.2-1.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
2133c89664c7d752644230af6f28d397 2009.0/i586/glib2.0-common-2.18.1-1.2mdv2009.0.i586.rpm
58ef4dd4f636f35314f633a8249328c4 2009.0/i586/glib-gettextize-2.18.1-1.2mdv2009.0.i586.rpm
194d89e8844e1dc2e80bcb27a05bfcaa 2009.0/i586/libgio2.0_0-2.18.1-1.2mdv2009.0.i586.rpm
c5f6d66e26ffa64cb35418c2daf5d090 2009.0/i586/libglib2.0_0-2.18.1-1.2mdv2009.0.i586.rpm
bfd7c4003ef1ad91c137eefd55f35047 2009.0/i586/libglib2.0-devel-2.18.1-1.2mdv2009.0.i586.rpm
37955dd7418fb7822cbdb7098cf2ea39 2009.0/SRPMS/glib2.0-2.18.1-1.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
2f1a001b5e54002a72b16cfd8fad3822 2009.0/x86_64/glib2.0-common-2.18.1-1.2mdv2009.0.x86_64.rpm
042458c3417c73c3ba76b6a93de5988d 2009.0/x86_64/glib-gettextize-2.18.1-1.2mdv2009.0.x86_64.rpm
529cd61cc5d548a6e19465fdaa1ce65f 2009.0/x86_64/lib64gio2.0_0-2.18.1-1.2mdv2009.0.x86_64.rpm
acbcba01934b850ae7aa699821fb5e65 2009.0/x86_64/lib64glib2.0_0-2.18.1-1.2mdv2009.0.x86_64.rpm
f72882f0dba8a21683ca131b64dd084e 2009.0/x86_64/lib64glib2.0-devel-2.18.1-1.2mdv2009.0.x86_64.rpm
37955dd7418fb7822cbdb7098cf2ea39 2009.0/SRPMS/glib2.0-2.18.1-1.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
62fcdba32560bae021c1aaee8f893135 2009.1/i586/glib2.0-common-2.20.1-1.1mdv2009.1.i586.rpm
ef882c5f43b25c925cefcd4d0a003871 2009.1/i586/glib-gettextize-2.20.1-1.1mdv2009.1.i586.rpm
979d21c7ca8eef8bc81ab2588e899d0c 2009.1/i586/libgio2.0_0-2.20.1-1.1mdv2009.1.i586.rpm
67cd61d9d06b4a19c3c4d5377dfadf01 2009.1/i586/libglib2.0_0-2.20.1-1.1mdv2009.1.i586.rpm
96c2b24ac048e13cf93c61c73ac9bbcf 2009.1/i586/libglib2.0-devel-2.20.1-1.1mdv2009.1.i586.rpm
8f909b3e5122784881a84ea94cf0443d 2009.1/SRPMS/glib2.0-2.20.1-1.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
637690f302da59aa5a13470898281056 2009.1/x86_64/glib2.0-common-2.20.1-1.1mdv2009.1.x86_64.rpm
ed01dca71724f9a299964f6edf59c86b 2009.1/x86_64/glib-gettextize-2.20.1-1.1mdv2009.1.x86_64.rpm
2a3ddb7c73e78abd6bd15fd7c829d971 2009.1/x86_64/lib64gio2.0_0-2.20.1-1.1mdv2009.1.x86_64.rpm
a44e47d08bdca6e674914df2262f6c77 2009.1/x86_64/lib64glib2.0_0-2.20.1-1.1mdv2009.1.x86_64.rpm
7ad51363e921eed94a0a1710a3cabdcd 2009.1/x86_64/lib64glib2.0-devel-2.20.1-1.1mdv2009.1.x86_64.rpm
8f909b3e5122784881a84ea94cf0443d 2009.1/SRPMS/glib2.0-2.20.1-1.1mdv2009.1.src.rpm
Mandriva Enterprise Server 5:
01450569f510200a6a18e0b11a5360e2 mes5/i586/glib2.0-common-2.18.1-1.2mdvmes5.i586.rpm
f72db45f7da3fbfde0e42ee38fa131ea mes5/i586/glib-gettextize-2.18.1-1.2mdvmes5.i586.rpm
93e7fd1becd3a58b7accd21b4fe47691 mes5/i586/libgio2.0_0-2.18.1-1.2mdvmes5.i586.rpm
fe0b723bb741cd748b3763300e06525f mes5/i586/libglib2.0_0-2.18.1-1.2mdvmes5.i586.rpm
1918d153e32f3817079cfd55eabbc45d mes5/i586/libglib2.0-devel-2.18.1-1.2mdvmes5.i586.rpm
429eb4dc41a60f541dc25d3a58b5a16a mes5/SRPMS/glib2.0-2.18.1-1.2mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
ff56e85b39fbc52791cbbaccda8da9ad mes5/x86_64/glib2.0-common-2.18.1-1.2mdvmes5.x86_64.rpm
3b4dbdd21a6b278b58d18f4653139913 mes5/x86_64/glib-gettextize-2.18.1-1.2mdvmes5.x86_64.rpm
406d2832060188af668adee3e20d361a mes5/x86_64/lib64gio2.0_0-2.18.1-1.2mdvmes5.x86_64.rpm
824900021d2e4cff1075f8810a398aa5 mes5/x86_64/lib64glib2.0_0-2.18.1-1.2mdvmes5.x86_64.rpm
ce39c721b0d676865af49afd8acf2154 mes5/x86_64/lib64glib2.0-devel-2.18.1-1.2mdvmes5.x86_64.rpm
429eb4dc41a60f541dc25d3a58b5a16a mes5/SRPMS/glib2.0-2.18.1-1.2mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKu0thmqjQ0CJFipgRAsTcAKCZ1SX8iSD9PaX0xiD1dBHb9BU2BgCg2VZS
a+AVv7uHtHqlcEuzMoRta0A=
=DG/m
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed