CVE-2011-1709
https://notcve.org/view.php?id=CVE-2011-1709
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. GNOME Display Manager (GDM) antes de v2.32.2, cuando se utiliza glib v2.28, permite la ejecución de un navegador web con el uid de la cuenta de gdm, que permite a usuarios locales conseguir privilegios a través de vectores implican el tipo MIME x-scheme-handler/http. • http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html http://secunia.com/advisories/44797 http://secunia.com/advisories/44808 http://www.securityfocus.com/bid/48084 http://www.ubuntu.com/usn/USN-1142-1 https://bugzilla.redhat.com/show_bug.cgi?id=709139 https://hermes.opensuse.org/messages/8643655 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4316 – glib2: integer overflows in the base64 handling functions (oCERT-2008-015)
https://notcve.org/view.php?id=CVE-2008-4316
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. Múltiples desbordamientos en glib/gbase64.c en GLib antes de la versión 2.20 permiten ejecutar, a atacantes dependientes del contexto, código arbitrario a través de una cadena demasiado larga que es convertida o bien (1) en o bien (2) desde una representación base64. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff http://openwall.com/lists/oss-security/2009/03/12/2 http://secunia.com/advisories/34267 http://secunia.com/advisories/34317 http://secunia.com/advisories/34404 http://secunia.com/advisories/34416 http://secunia.com/advisories/34560 http://secunia.com/advisories/34854 http:/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •