Security Advisory Moderate: dbus security update

Advisory: RHSA-2009:0008-14
Type: Security Advisory
Severity: Moderate
Issued on: 2009-01-07
Last updated on: 2009-01-07
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.2.z server)
OVAL: com.redhat.rhsa-20090008.xml
CVEs (cve.mitre.org): CVE-2008-3834

Details

Updated dbus packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.

A denial-of-service flaw was discovered in the system for sending messages
between applications. A local user could send a message with a malformed
signature to the bus, causing the bus (and, consequently, any process using
libdbus to receive messages) to abort. (CVE-2008-3834)

All users are advised to upgrade to these updated dbus packages, which
contain a backported patch that resolves this issue. For the update to take
effect, all running instances of dbus-daemon and all running applications
using the libdbus library must be restarted, or the system rebooted.
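
An added example, not part of the Red Hat advisory: once the update is installed, this shell function lists processes that still map the pre-update libdbus library or dbus-daemon binary and so still need the restart described above. It assumes Linux /proc semantics (a replaced file is shown as "(deleted)" in /proc/PID/maps); the function name and the --scan switch are hypothetical.

```shell
#!/bin/sh
# Added example: find processes still running pre-update dbus code.
# The proc root is a parameter (default /proc) so the scan can also be
# run against a constructed directory tree.

# Print "PID NAME" for every process whose memory map still references an
# unlinked libdbus-1 shared object or an unlinked dbus-daemon binary.
stale_dbus_procs() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # A package upgrade unlinks the old file; the kernel then appends
        # " (deleted)" to its path in the maps of processes still using it.
        if grep -Eq '/(libdbus-1\.so[^ ]*|dbus-daemon) \(deleted\)$' \
                "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            # The Name: field of status holds the short process name.
            name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null)
            [ -n "$name" ] || name='?'
            echo "$pid $name"
        fi
    done
}

# Hypothetical switch: scan the live system only when asked to.
if [ "${1:-}" = "--scan" ]; then
    stale_dbus_procs /proc
fi
```

Run it as root so that the maps of other users' processes are readable; an empty result means no process is still holding the replaced files.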


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
dbus-1.0.0-7.el5_2.1.src.rpm
File outdated by:  RHBA-2009:0094
    d7938f41df4eec2f9030ce88d541989f
 
IA-32:
dbus-devel-1.0.0-7.el5_2.1.i386.rpm
File outdated by:  RHBA-2009:0094
    cb6f79313c440f4abc24228fb2fe1700
 
x86_64:
dbus-devel-1.0.0-7.el5_2.1.i386.rpm
File outdated by:  RHBA-2009:0094
    cb6f79313c440f4abc24228fb2fe1700
dbus-devel-1.0.0-7.el5_2.1.x86_64.rpm
File outdated by:  RHBA-2009:0094
    cf230eff667d58ee985b971cfac69a4e
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
dbus-1.0.0-7.el5_2.1.src.rpm
File outdated by:  RHBA-2009:0094
    d7938f41df4eec2f9030ce88d541989f
 
IA-32:
dbus-1.0.0-7.el5_2.1.i386.rpm
File outdated by:  RHBA-2009:0094
    17da589f19ea644e998209a531ce5a27
dbus-devel-1.0.0-7.el5_2.1.i386.rpm
File outdated by:  RHBA-2009:0094
    cb6f79313c440f4abc24228fb2fe1700
dbus-x11-1.0.0-7.el5_2.1.i386.rpm
File outdated by:  RHBA-2009:0094
    24e375c55a0ea6030bc76077f97e8967
 
IA-64:
dbus-1.0.0-7.el5_2.1.ia64.rpm
File outdated by:  RHBA-2009:0094
    11ad89e2706905a9c52ef069d2930812
dbus-devel-1.0.0-7.el5_2.1.ia64.rpm
File outdated by:  RHBA-2009:0094
    e80c4efff916eef6e91bd61b6b4adc21
dbus-x11-1.0.0-7.el5_2.1.ia64.rpm
File outdated by:  RHBA-2009:0094
    94414a3a1e379663b9262e92ee88403e
 
PPC:
dbus-1.0.0-7.el5_2.1.ppc.rpm
File outdated by:  RHBA-2009:0094
    4c4006de9f2c467144d6ebc8402e7fc2
dbus-1.0.0-7.el5_2.1.ppc64.rpm
File outdated by:  RHBA-2009:0094
    90ef8c713512d26106d553db86ea774e
dbus-devel-1.0.0-7.el5_2.1.ppc.rpm
File outdated by:  RHBA-2009:0094
    11dd1d65070980f7b91b3240a0727ec7
dbus-devel-1.0.0-7.el5_2.1.ppc64.rpm
File outdated by:  RHBA-2009:0094
    cd6a146dd9b6ac08a985444ef5bcbea6
dbus-x11-1.0.0-7.el5_2.1.ppc.rpm
File outdated by:  RHBA-2009:0094
    45ccb12e21f7cbaaa4b25d0f3d543d92
 
s390x:
dbus-1.0.0-7.el5_2.1.s390.rpm
File outdated by:  RHBA-2009:0094
    fd809db554a57473e97438e877091cb0
dbus-1.0.0-7.el5_2.1.s390x.rpm
File outdated by:  RHBA-2009:0094
    ebfd9e3a05fabe35cba4d25e51cdf6de
dbus-devel-1.0.0-7.el5_2.1.s390.rpm
File outdated by:  RHBA-2009:0094
    24e07625828873c22f70edbdc1582317
dbus-devel-1.0.0-7.el5_2.1.s390x.rpm
File outdated by:  RHBA-2009:0094
    6a6f08289c4e830893e773ea1d1ba079
dbus-x11-1.0.0-7.el5_2.1.s390x.rpm
File outdated by:  RHBA-2009:0094
    a7f13bc7be64c55579460a38c418db86
 
x86_64:
dbus-1.0.0-7.el5_2.1.i386.rpm
File outdated by:  RHBA-2009:0094
    17da589f19ea644e998209a531ce5a27
dbus-1.0.0-7.el5_2.1.x86_64.rpm
File outdated by:  RHBA-2009:0094
    9b99a9e217fa7376384c373bf6e39e09
dbus-devel-1.0.0-7.el5_2.1.i386.rpm
File outdated by:  RHBA-2009:0094
    cb6f79313c440f4abc24228fb2fe1700
dbus-devel-1.0.0-7.el5_2.1.x86_64.rpm
File outdated by:  RHBA-2009:0094
    cf230eff667d58ee985b971cfac69a4e
dbus-x11-1.0.0-7.el5_2.1.x86_64.rpm
File outdated by:  RHBA-2009:0094
    4d4909427b516395c082c4b4f494f090
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
dbus-1.0.0-7.el5_2.1.src.rpm
File outdated by:  RHBA-2009:0094
    d7938f41df4eec2f9030ce88d541989f
 
IA-32:
dbus-1.0.0-7.el5_2.1.i386.rpm
File outdated by:  RHBA-2009:0094
    17da589f19ea644e998209a531ce5a27
dbus-x11-1.0.0-7.el5_2.1.i386.rpm
File outdated by:  RHBA-2009:0094
    24e375c55a0ea6030bc76077f97e8967
 
x86_64:
dbus-1.0.0-7.el5_2.1.i386.rpm
File outdated by:  RHBA-2009:0094
    17da589f19ea644e998209a531ce5a27
dbus-1.0.0-7.el5_2.1.x86_64.rpm
File outdated by:  RHBA-2009:0094
    9b99a9e217fa7376384c373bf6e39e09
dbus-x11-1.0.0-7.el5_2.1.x86_64.rpm
File outdated by:  RHBA-2009:0094
    4d4909427b516395c082c4b4f494f090
 
Red Hat Enterprise Linux EUS (v. 5.2.z server)

SRPMS:
dbus-1.0.0-7.el5_2.1.src.rpm
File outdated by:  RHBA-2009:0094
    d7938f41df4eec2f9030ce88d541989f
 
IA-32:
dbus-1.0.0-7.el5_2.1.i386.rpm     17da589f19ea644e998209a531ce5a27
dbus-devel-1.0.0-7.el5_2.1.i386.rpm     cb6f79313c440f4abc24228fb2fe1700
dbus-x11-1.0.0-7.el5_2.1.i386.rpm     24e375c55a0ea6030bc76077f97e8967
 
IA-64:
dbus-1.0.0-7.el5_2.1.ia64.rpm     11ad89e2706905a9c52ef069d2930812
dbus-devel-1.0.0-7.el5_2.1.ia64.rpm     e80c4efff916eef6e91bd61b6b4adc21
dbus-x11-1.0.0-7.el5_2.1.ia64.rpm     94414a3a1e379663b9262e92ee88403e
 
PPC:
dbus-1.0.0-7.el5_2.1.ppc.rpm     4c4006de9f2c467144d6ebc8402e7fc2
dbus-1.0.0-7.el5_2.1.ppc64.rpm     90ef8c713512d26106d553db86ea774e
dbus-devel-1.0.0-7.el5_2.1.ppc.rpm     11dd1d65070980f7b91b3240a0727ec7
dbus-devel-1.0.0-7.el5_2.1.ppc64.rpm     cd6a146dd9b6ac08a985444ef5bcbea6
dbus-x11-1.0.0-7.el5_2.1.ppc.rpm     45ccb12e21f7cbaaa4b25d0f3d543d92
 
s390x:
dbus-1.0.0-7.el5_2.1.s390.rpm     fd809db554a57473e97438e877091cb0
dbus-1.0.0-7.el5_2.1.s390x.rpm     ebfd9e3a05fabe35cba4d25e51cdf6de
dbus-devel-1.0.0-7.el5_2.1.s390.rpm     24e07625828873c22f70edbdc1582317
dbus-devel-1.0.0-7.el5_2.1.s390x.rpm     6a6f08289c4e830893e773ea1d1ba079
dbus-x11-1.0.0-7.el5_2.1.s390x.rpm     a7f13bc7be64c55579460a38c418db86
 
x86_64:
dbus-1.0.0-7.el5_2.1.i386.rpm     17da589f19ea644e998209a531ce5a27
dbus-1.0.0-7.el5_2.1.x86_64.rpm     9b99a9e217fa7376384c373bf6e39e09
dbus-devel-1.0.0-7.el5_2.1.i386.rpm     cb6f79313c440f4abc24228fb2fe1700
dbus-devel-1.0.0-7.el5_2.1.x86_64.rpm     cf230eff667d58ee985b971cfac69a4e
dbus-x11-1.0.0-7.el5_2.1.x86_64.rpm     4d4909427b516395c082c4b4f494f090
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

464674 - CVE-2008-3834 dbus denial of service


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/