USN-1612-1: libgssglue vulnerability

15 October 2012

Privilege escalation via the GSSAPI_MECH_CONF environment variable with setuid programs.



  • libgssglue - header files and docs for libgssglue


It was discovered that libgssglue incorrectly handled the GSSAPI_MECH_CONF
environment variable when running a privileged binary. A local attacker could
exploit this to gain root privileges. (CVE-2011-2709)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.