USN-1612-1: libgssglue vulnerability

15 October 2012

Privilege escalation via the GSSAPI_MECH_CONF environment variable with setuid programs.

Releases

Packages

  • libgssglue - header files and docs for libgssglue

Details

It was discovered that libgssglue incorrectly handled the GSSAPI_MECH_CONF
environment variable when running a privileged binary. A local attacker could
exploit this to gain root privileges. (CVE-2011-2709)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.

References