Skip to navigation

Security Advisory Moderate: dbus security update

Advisory: RHSA-2010:0018-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-01-07
Last updated on: 2010-01-07
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.4.z server)
CVEs (cve.mitre.org): CVE-2009-1189

Details

Updated dbus packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.

It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did
not correctly fix the denial of service flaw in the system for sending
messages between applications. A local user could use this flaw to send a
message with a malformed signature to the bus, causing the bus (and,
consequently, any process using libdbus to receive messages) to abort.
(CVE-2009-1189)

Note: Users running any application providing services over the system
message bus are advised to test this update carefully before deploying it
in production environments.

All users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. For the update to take effect, all
running instances of dbus-daemon and all running applications using the
libdbus library must be restarted, or the system rebooted.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
dbus-1.1.2-12.el5_4.1.src.rpm
File outdated by:  RHSA-2011:1132		     MD5: f3bd465434f24f5bc8d7f415c284371c
 
IA-32:
dbus-devel-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: 4c89127a2143660a2d66eeee6e65b8ea
 
x86_64:
dbus-devel-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: 4c89127a2143660a2d66eeee6e65b8ea
dbus-devel-1.1.2-12.el5_4.1.x86_64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 7cb055a47aede38cdeec8f1b3cbb8a7d
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
dbus-1.1.2-12.el5_4.1.src.rpm
File outdated by:  RHSA-2011:1132		     MD5: f3bd465434f24f5bc8d7f415c284371c
 
IA-32:
dbus-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: 03d44e17c39fcdc410e159b023928b9f
dbus-devel-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: 4c89127a2143660a2d66eeee6e65b8ea
dbus-libs-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: 7e2401a3a8f07b560e3cbd60b4360c71
dbus-x11-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: cf19b34e7c222ca9e0db9ad041dc6d3d
 
IA-64:
dbus-1.1.2-12.el5_4.1.ia64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 3bb6062cdaacb23464af25de372b1f01
dbus-devel-1.1.2-12.el5_4.1.ia64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 4ecee079e6067b44bd578a8b26d19e7f
dbus-libs-1.1.2-12.el5_4.1.ia64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 13ea9f374b1e6a9aefe1c12c0b26b3b5
dbus-x11-1.1.2-12.el5_4.1.ia64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 0abca4ca86f378e4f2bf31f6ac29edf5
 
PPC:
dbus-1.1.2-12.el5_4.1.ppc.rpm
File outdated by:  RHSA-2011:1132		     MD5: c9f3cab66b529d56a19c22873084511f
dbus-1.1.2-12.el5_4.1.ppc64.rpm
File outdated by:  RHSA-2011:1132		     MD5: fea37df7527a3146a1c65c3ca7667746
dbus-devel-1.1.2-12.el5_4.1.ppc.rpm
File outdated by:  RHSA-2011:1132		     MD5: 78969c1bfcf449fa0c2a7759cc1754be
dbus-devel-1.1.2-12.el5_4.1.ppc64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 1b3c3a0afef4f48c705030db8061135d
dbus-libs-1.1.2-12.el5_4.1.ppc.rpm
File outdated by:  RHSA-2011:1132		     MD5: 2fa024ca1bc5583eb085b01008ab84f6
dbus-libs-1.1.2-12.el5_4.1.ppc64.rpm
File outdated by:  RHSA-2011:1132		     MD5: bf1e2e4c9119f3b1470c598fabe328d5
dbus-x11-1.1.2-12.el5_4.1.ppc.rpm
File outdated by:  RHSA-2011:1132		     MD5: ae1a42d65150abbe1b8f6bd2c0f84b6c
 
s390x:
dbus-1.1.2-12.el5_4.1.s390.rpm
File outdated by:  RHSA-2011:1132		     MD5: b1965618c7fc2bda8e83e2faadf134bd
dbus-1.1.2-12.el5_4.1.s390x.rpm
File outdated by:  RHSA-2011:1132		     MD5: 2a96173a02401fa214943a613c55d3ff
dbus-devel-1.1.2-12.el5_4.1.s390.rpm
File outdated by:  RHSA-2011:1132		     MD5: 8acb8f28e319fbc6088279788680179c
dbus-devel-1.1.2-12.el5_4.1.s390x.rpm
File outdated by:  RHSA-2011:1132		     MD5: 91f178337a66fa824e64db6094f7a67c
dbus-libs-1.1.2-12.el5_4.1.s390.rpm
File outdated by:  RHSA-2011:1132		     MD5: 7f48861aecb80f2554efec99bfa12749
dbus-libs-1.1.2-12.el5_4.1.s390x.rpm
File outdated by:  RHSA-2011:1132		     MD5: 8fa55b0a81043684160fc838982a16d4
dbus-x11-1.1.2-12.el5_4.1.s390x.rpm
File outdated by:  RHSA-2011:1132		     MD5: 1f237d3781fd4f4bcf502b31997642bd
 
x86_64:
dbus-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: 03d44e17c39fcdc410e159b023928b9f
dbus-1.1.2-12.el5_4.1.x86_64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 9d9e039685a597647e6ee3fc5d97b9ed
dbus-devel-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: 4c89127a2143660a2d66eeee6e65b8ea
dbus-devel-1.1.2-12.el5_4.1.x86_64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 7cb055a47aede38cdeec8f1b3cbb8a7d
dbus-libs-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: 7e2401a3a8f07b560e3cbd60b4360c71
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 7a2bfd84d5d71fabca30b80d3ab49370
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 8a99d4ab11a5c3ccd4039aef2e9e2874
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
dbus-1.1.2-12.el5_4.1.src.rpm
File outdated by:  RHSA-2011:1132		     MD5: f3bd465434f24f5bc8d7f415c284371c
 
IA-32:
dbus-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: 03d44e17c39fcdc410e159b023928b9f
dbus-libs-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: 7e2401a3a8f07b560e3cbd60b4360c71
dbus-x11-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: cf19b34e7c222ca9e0db9ad041dc6d3d
 
x86_64:
dbus-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: 03d44e17c39fcdc410e159b023928b9f
dbus-1.1.2-12.el5_4.1.x86_64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 9d9e039685a597647e6ee3fc5d97b9ed
dbus-libs-1.1.2-12.el5_4.1.i386.rpm
File outdated by:  RHSA-2011:1132		     MD5: 7e2401a3a8f07b560e3cbd60b4360c71
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 7a2bfd84d5d71fabca30b80d3ab49370
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm
File outdated by:  RHSA-2011:1132		     MD5: 8a99d4ab11a5c3ccd4039aef2e9e2874
 
Red Hat Enterprise Linux EUS (v. 5.4.z server)
SRPMS:
dbus-1.1.2-12.el5_4.1.src.rpm
File outdated by:  RHSA-2011:1132		     MD5: f3bd465434f24f5bc8d7f415c284371c
 
IA-32:
dbus-1.1.2-12.el5_4.1.i386.rpm     MD5: 03d44e17c39fcdc410e159b023928b9f
dbus-devel-1.1.2-12.el5_4.1.i386.rpm     MD5: 4c89127a2143660a2d66eeee6e65b8ea
dbus-libs-1.1.2-12.el5_4.1.i386.rpm     MD5: 7e2401a3a8f07b560e3cbd60b4360c71
dbus-x11-1.1.2-12.el5_4.1.i386.rpm     MD5: cf19b34e7c222ca9e0db9ad041dc6d3d
 
IA-64:
dbus-1.1.2-12.el5_4.1.ia64.rpm     MD5: 3bb6062cdaacb23464af25de372b1f01
dbus-devel-1.1.2-12.el5_4.1.ia64.rpm     MD5: 4ecee079e6067b44bd578a8b26d19e7f
dbus-libs-1.1.2-12.el5_4.1.ia64.rpm     MD5: 13ea9f374b1e6a9aefe1c12c0b26b3b5
dbus-x11-1.1.2-12.el5_4.1.ia64.rpm     MD5: 0abca4ca86f378e4f2bf31f6ac29edf5
 
PPC:
dbus-1.1.2-12.el5_4.1.ppc.rpm     MD5: c9f3cab66b529d56a19c22873084511f
dbus-1.1.2-12.el5_4.1.ppc64.rpm     MD5: fea37df7527a3146a1c65c3ca7667746
dbus-devel-1.1.2-12.el5_4.1.ppc.rpm     MD5: 78969c1bfcf449fa0c2a7759cc1754be
dbus-devel-1.1.2-12.el5_4.1.ppc64.rpm     MD5: 1b3c3a0afef4f48c705030db8061135d
dbus-libs-1.1.2-12.el5_4.1.ppc.rpm     MD5: 2fa024ca1bc5583eb085b01008ab84f6
dbus-libs-1.1.2-12.el5_4.1.ppc64.rpm     MD5: bf1e2e4c9119f3b1470c598fabe328d5
dbus-x11-1.1.2-12.el5_4.1.ppc.rpm     MD5: ae1a42d65150abbe1b8f6bd2c0f84b6c
 
s390x:
dbus-1.1.2-12.el5_4.1.s390.rpm     MD5: b1965618c7fc2bda8e83e2faadf134bd
dbus-1.1.2-12.el5_4.1.s390x.rpm     MD5: 2a96173a02401fa214943a613c55d3ff
dbus-devel-1.1.2-12.el5_4.1.s390.rpm     MD5: 8acb8f28e319fbc6088279788680179c
dbus-devel-1.1.2-12.el5_4.1.s390x.rpm     MD5: 91f178337a66fa824e64db6094f7a67c
dbus-libs-1.1.2-12.el5_4.1.s390.rpm     MD5: 7f48861aecb80f2554efec99bfa12749
dbus-libs-1.1.2-12.el5_4.1.s390x.rpm     MD5: 8fa55b0a81043684160fc838982a16d4
dbus-x11-1.1.2-12.el5_4.1.s390x.rpm     MD5: 1f237d3781fd4f4bcf502b31997642bd
 
x86_64:
dbus-1.1.2-12.el5_4.1.i386.rpm     MD5: 03d44e17c39fcdc410e159b023928b9f
dbus-1.1.2-12.el5_4.1.x86_64.rpm     MD5: 9d9e039685a597647e6ee3fc5d97b9ed
dbus-devel-1.1.2-12.el5_4.1.i386.rpm     MD5: 4c89127a2143660a2d66eeee6e65b8ea
dbus-devel-1.1.2-12.el5_4.1.x86_64.rpm     MD5: 7cb055a47aede38cdeec8f1b3cbb8a7d
dbus-libs-1.1.2-12.el5_4.1.i386.rpm     MD5: 7e2401a3a8f07b560e3cbd60b4360c71
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm     MD5: 7a2bfd84d5d71fabca30b80d3ab49370
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm     MD5: 8a99d4ab11a5c3ccd4039aef2e9e2874
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

496672 - CVE-2009-1189 dbus: invalid fix for CVE-2008-3834


References

https://www.redhat.com/security/data/cve/CVE-2009-1189.html
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/