Skip to navigation

Security Advisory Moderate: dbus security update

Advisory: RHSA-2008:0159-3
Type: Security Advisory
Severity: Moderate
Issued on: 2008-02-27
Last updated on: 2008-02-27
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.1.z server)
CVEs (cve.mitre.org): CVE-2008-0595

Details

Updated dbus packages that fix an issue with circumventing the security
policy are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

D-Bus is a system for sending messages between applications. It is used
both for the system-wide message bus service, and as a
per-user-login-session messaging facility.

Havoc Pennington discovered a flaw in the way the dbus-daemon applies its
security policy. A user with the ability to connect to the dbus-daemon may
be able to execute certain method calls they should normally not have
permission to access. (CVE-2008-0595)

Red Hat does not ship any applications in Red Hat Enterprise Linux 5 that
would allow a user to leverage this flaw to elevate their privileges.

This flaw does not affect the version of D-Bus shipped in Red Hat
Enterprise Linux 4.

All users are advised to upgrade to these updated dbus packages, which
contain a backported patch and are not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
dbus-1.0.0-6.3.el5_1.src.rpm
File outdated by:  RHBA-2013:1361
    MD5: 76a2a62f6701ed1cf9ae281d53b9efff
 
IA-32:
dbus-devel-1.0.0-6.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1361
    MD5: 2cf0e662fece89e7dbce8006f9e0b673
 
x86_64:
dbus-devel-1.0.0-6.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1361
    MD5: 2cf0e662fece89e7dbce8006f9e0b673
dbus-devel-1.0.0-6.3.el5_1.x86_64.rpm
File outdated by:  RHBA-2013:1361
    MD5: f192dd3f3c0fc9030f9c290f43545345
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
dbus-1.0.0-6.3.el5_1.src.rpm
File outdated by:  RHBA-2013:1361
    MD5: 76a2a62f6701ed1cf9ae281d53b9efff
 
IA-32:
dbus-1.0.0-6.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1361
    MD5: 6cb69483368642ef2a3f37de76648fde
dbus-devel-1.0.0-6.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1361
    MD5: 2cf0e662fece89e7dbce8006f9e0b673
dbus-x11-1.0.0-6.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1361
    MD5: 5b2df2bfcbc0af1f710bc790d829db1b
 
IA-64:
dbus-1.0.0-6.3.el5_1.ia64.rpm
File outdated by:  RHBA-2013:1361
    MD5: f7e073ae8382b0bff9ce4d77bed09ac2
dbus-devel-1.0.0-6.3.el5_1.ia64.rpm
File outdated by:  RHBA-2013:1361
    MD5: 834276b27edcc48ea634375e0bedb0f0
dbus-x11-1.0.0-6.3.el5_1.ia64.rpm
File outdated by:  RHBA-2013:1361
    MD5: 6515681cb2a8b32d17f282847020be1b
 
PPC:
dbus-1.0.0-6.3.el5_1.ppc.rpm
File outdated by:  RHBA-2013:1361
    MD5: 51d6f03c05af357409a0abec1bbe88d8
dbus-1.0.0-6.3.el5_1.ppc64.rpm
File outdated by:  RHBA-2013:1361
    MD5: b0f4b7c7ed076249477bef5f65e81136
dbus-devel-1.0.0-6.3.el5_1.ppc.rpm
File outdated by:  RHBA-2013:1361
    MD5: 0cfe2166d621369b40eb467f0e1eca00
dbus-devel-1.0.0-6.3.el5_1.ppc64.rpm
File outdated by:  RHBA-2013:1361
    MD5: 3f6300c9d39a0ce16556c6ed18724b86
dbus-x11-1.0.0-6.3.el5_1.ppc.rpm
File outdated by:  RHBA-2013:1361
    MD5: f67c90a248d8e96d93d1fa3f6b18e680
 
s390x:
dbus-1.0.0-6.3.el5_1.s390.rpm
File outdated by:  RHBA-2013:1361
    MD5: 139319fc63412d33a9e8eb74ce60d34c
dbus-1.0.0-6.3.el5_1.s390x.rpm
File outdated by:  RHBA-2013:1361
    MD5: 559492ebef39604d93e43ce8fe7cfd0e
dbus-devel-1.0.0-6.3.el5_1.s390.rpm
File outdated by:  RHBA-2013:1361
    MD5: 4c24b73907c04afd6116141805662c78
dbus-devel-1.0.0-6.3.el5_1.s390x.rpm
File outdated by:  RHBA-2013:1361
    MD5: 258897618002c62848d598dfced02727
dbus-x11-1.0.0-6.3.el5_1.s390x.rpm
File outdated by:  RHBA-2013:1361
    MD5: 24ddffe0d36f3f69f535ec66c573eeed
 
x86_64:
dbus-1.0.0-6.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1361
    MD5: 6cb69483368642ef2a3f37de76648fde
dbus-1.0.0-6.3.el5_1.x86_64.rpm
File outdated by:  RHBA-2013:1361
    MD5: 428fdb50a34eb7837f574cb86ee113f5
dbus-devel-1.0.0-6.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1361
    MD5: 2cf0e662fece89e7dbce8006f9e0b673
dbus-devel-1.0.0-6.3.el5_1.x86_64.rpm
File outdated by:  RHBA-2013:1361
    MD5: f192dd3f3c0fc9030f9c290f43545345
dbus-x11-1.0.0-6.3.el5_1.x86_64.rpm
File outdated by:  RHBA-2013:1361
    MD5: 94d5bb6c26f287bc531e9883a7821e71
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
dbus-1.0.0-6.3.el5_1.src.rpm
File outdated by:  RHBA-2013:1361
    MD5: 76a2a62f6701ed1cf9ae281d53b9efff
 
IA-32:
dbus-1.0.0-6.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1361
    MD5: 6cb69483368642ef2a3f37de76648fde
dbus-x11-1.0.0-6.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1361
    MD5: 5b2df2bfcbc0af1f710bc790d829db1b
 
x86_64:
dbus-1.0.0-6.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1361
    MD5: 6cb69483368642ef2a3f37de76648fde
dbus-1.0.0-6.3.el5_1.x86_64.rpm
File outdated by:  RHBA-2013:1361
    MD5: 428fdb50a34eb7837f574cb86ee113f5
dbus-x11-1.0.0-6.3.el5_1.x86_64.rpm
File outdated by:  RHBA-2013:1361
    MD5: 94d5bb6c26f287bc531e9883a7821e71
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
dbus-1.0.0-6.3.el5_1.src.rpm
File outdated by:  RHBA-2013:1361
    MD5: 76a2a62f6701ed1cf9ae281d53b9efff
 
IA-32:
dbus-1.0.0-6.3.el5_1.i386.rpm     MD5: 6cb69483368642ef2a3f37de76648fde
dbus-devel-1.0.0-6.3.el5_1.i386.rpm     MD5: 2cf0e662fece89e7dbce8006f9e0b673
dbus-x11-1.0.0-6.3.el5_1.i386.rpm     MD5: 5b2df2bfcbc0af1f710bc790d829db1b
 
IA-64:
dbus-1.0.0-6.3.el5_1.ia64.rpm     MD5: f7e073ae8382b0bff9ce4d77bed09ac2
dbus-devel-1.0.0-6.3.el5_1.ia64.rpm     MD5: 834276b27edcc48ea634375e0bedb0f0
dbus-x11-1.0.0-6.3.el5_1.ia64.rpm     MD5: 6515681cb2a8b32d17f282847020be1b
 
PPC:
dbus-1.0.0-6.3.el5_1.ppc.rpm     MD5: 51d6f03c05af357409a0abec1bbe88d8
dbus-1.0.0-6.3.el5_1.ppc64.rpm     MD5: b0f4b7c7ed076249477bef5f65e81136
dbus-devel-1.0.0-6.3.el5_1.ppc.rpm     MD5: 0cfe2166d621369b40eb467f0e1eca00
dbus-devel-1.0.0-6.3.el5_1.ppc64.rpm     MD5: 3f6300c9d39a0ce16556c6ed18724b86
dbus-x11-1.0.0-6.3.el5_1.ppc.rpm     MD5: f67c90a248d8e96d93d1fa3f6b18e680
 
s390x:
dbus-1.0.0-6.3.el5_1.s390.rpm     MD5: 139319fc63412d33a9e8eb74ce60d34c
dbus-1.0.0-6.3.el5_1.s390x.rpm     MD5: 559492ebef39604d93e43ce8fe7cfd0e
dbus-devel-1.0.0-6.3.el5_1.s390.rpm     MD5: 4c24b73907c04afd6116141805662c78
dbus-devel-1.0.0-6.3.el5_1.s390x.rpm     MD5: 258897618002c62848d598dfced02727
dbus-x11-1.0.0-6.3.el5_1.s390x.rpm     MD5: 24ddffe0d36f3f69f535ec66c573eeed
 
x86_64:
dbus-1.0.0-6.3.el5_1.i386.rpm     MD5: 6cb69483368642ef2a3f37de76648fde
dbus-1.0.0-6.3.el5_1.x86_64.rpm     MD5: 428fdb50a34eb7837f574cb86ee113f5
dbus-devel-1.0.0-6.3.el5_1.i386.rpm     MD5: 2cf0e662fece89e7dbce8006f9e0b673
dbus-devel-1.0.0-6.3.el5_1.x86_64.rpm     MD5: f192dd3f3c0fc9030f9c290f43545345
dbus-x11-1.0.0-6.3.el5_1.x86_64.rpm     MD5: 94d5bb6c26f287bc531e9883a7821e71
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

432419 - CVE-2008-0595 dbus security policy circumvention


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/