Solution
Please Install the Updated Packages.
Insight
dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times.
It was discovered that dbus-glib did not enforce the " access"
flag on
exported GObject properties. If such a property were read/write internally but specified as read-only externally, a malicious, local user could use this flaw to modify that property of an application. Such a change could impact the application's behavior (for example, if an IP address were changed the network may not come up properly after reboot) and possibly lead to a denial of service. (CVE-2010-1172)
Due to the way dbus-glib translates an application's XML definitions of service interfaces and properties into C code at application build time, applications built against dbus-glib that use read-only properties needed to be rebuilt to fully fix the flaw. As such, this update provides NetworkManager packages that have been rebuilt against the updated dbus-glib packages. No other applications shipped with Red Hat Enterprise Linux 5 were affected.
All dbus-glib and NetworkManager users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Running instances of NetworkManager must be restarted (service NetworkManager restart) for this update to take effect.
Affected
NetworkManager on CentOS 5
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-1172 -
CVSS Base Score: 3.6
AV:L/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities