Key Information Summary Announcement ID: USN-1576-2 Release Date: 4 Oct 2012 Summary: Dbus pam could be exploited to run programs with administrative privileges. Affected Ubuntu Versions: - 12.04 - 11.10 - 8.04 - 10.04 - 11.04 Package Information: - Package Name: - A simple inter-process communication system. Details: - Overview: USN-1576-1 fixed a vulnerability in Dbus. However, this update caused certain services that previously worked correctly to fail, and led to unclean shutdowns during upgrades. This update resolves those issues. We apologize for the inconvenience. - Original CVE Details: Sebastian Krahmer discovered that Dbus, when running with privileges, improperly handled environment variables. This could allow a local attacker to exploit the vulnerability and gain root privileges via setuid executable files. Fix: - It is recommended to use standard system updates to install the fix and complete all necessary steps. - How to Update: Upgrade to the following versions for your Ubuntu release: CVE ID: CVE-2012-3524 Related Announcement: USN-1576-1