Amazon Linux 1 Security Advisory: ALAS-2012-128
Advisory Release Date: 2012-09-22 21:37 Pacific
Advisory Updated Date: 2014-09-14 17:04 Pacific
It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the D-Bus library (libdbus). (CVE-2012-3524)
Affected Packages:
dbus
Issue Correction:
Run yum update dbus to update your system.
i686:
dbus-libs-1.2.24-7.16.amzn1.i686
dbus-debuginfo-1.2.24-7.16.amzn1.i686
dbus-1.2.24-7.16.amzn1.i686
dbus-devel-1.2.24-7.16.amzn1.i686
noarch:
dbus-doc-1.2.24-7.16.amzn1.noarch
src:
dbus-1.2.24-7.16.amzn1.src
x86_64:
dbus-1.2.24-7.16.amzn1.x86_64
dbus-devel-1.2.24-7.16.amzn1.x86_64
dbus-libs-1.2.24-7.16.amzn1.x86_64
dbus-debuginfo-1.2.24-7.16.amzn1.x86_64