USN-1612-1: libgssglue vulnerability
15 October 2012
Privilege escalation via the GSSAPI_MECH_CONF environment variable with setuid programs.
- libgssglue - header files and docs for libgssglue
It was discovered that libgssglue incorrectly handled the GSSAPI_MECH_CONF
environment variable when running a privileged binary. A local attacker could
exploit this to gain root privileges. (CVE-2011-2709)
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.