Moderate: dbus-glib security update
| Advisory: | RHSA-2010:0616-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2010-08-10 |
| Last updated on: | 2010-08-10 |
| Affected Products: | RHEL Desktop Workstation (v. 5 client) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) |
| CVEs (cve.mitre.org): |
CVE-2010-1172 |
Details
Updated dbus-glib packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
dbus-glib is an add-on library to integrate the standard D-Bus library with
the GLib main loop and threading model. NetworkManager is a network link
manager that attempts to keep a wired or wireless network connection active
at all times.
It was discovered that dbus-glib did not enforce the "access" flag on
exported GObject properties. If such a property were read/write internally
but specified as read-only externally, a malicious, local user could use
this flaw to modify that property of an application. Such a change could
impact the application's behavior (for example, if an IP address were
changed the network may not come up properly after reboot) and possibly
lead to a denial of service. (CVE-2010-1172)
Due to the way dbus-glib translates an application's XML definitions of
service interfaces and properties into C code at application build time,
applications built against dbus-glib that use read-only properties needed
to be rebuilt to fully fix the flaw. As such, this update provides
NetworkManager packages that have been rebuilt against the updated
dbus-glib packages. No other applications shipped with Red Hat Enterprise
Linux 5 were affected.
All dbus-glib and NetworkManager users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
Running instances of NetworkManager must be restarted (service
NetworkManager restart) for this update to take effect.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Updated packages
| RHEL Desktop Workstation (v. 5 client) | |
| SRPMS: | |
| NetworkManager-0.7.0-10.el5_5.1.src.rpm File outdated by: RHBA-2011:1023 |
MD5: 98fd44717b267baf316651f82cb78854 SHA-256: 47e28c3b4c30b7218d0e4bb431e7846a192dd8799115bfbeaf6bbd3b2a788c18 |
| dbus-glib-0.73-10.el5_5.src.rpm | MD5: deac6c40655a54a803ff4fe1e1cbf3d4 SHA-256: 26eeef285492000bed744d4bc34e9189bfe84a6b92f5ac903156970b3ecf2e2d |
| IA-32: | |
| NetworkManager-devel-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 979f850c8e1d2d3e730934334438f5e9 SHA-256: 502c2d8e8f656e075753a4a308918b0c19c69470f8558978c7a21eeb6f8825d4 |
| NetworkManager-glib-devel-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 66a775914e427ebeaf8d773982a52f8f SHA-256: 0eb137bb63237d01e6a7fd6c16b5c22b39fe68abc196834df4458ac4603106f7 |
| dbus-glib-devel-0.73-10.el5_5.i386.rpm | MD5: efef3ed259922a0a53899bfa909f0a36 SHA-256: 584aa20dcb48f4235ed247d03f337b997bd482d364632aa2d3a4f3e3102154f8 |
| x86_64: | |
| NetworkManager-devel-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 979f850c8e1d2d3e730934334438f5e9 SHA-256: 502c2d8e8f656e075753a4a308918b0c19c69470f8558978c7a21eeb6f8825d4 |
| NetworkManager-devel-0.7.0-10.el5_5.1.x86_64.rpm File outdated by: RHBA-2011:1023 |
MD5: e96786505bb2b37d3f9333500b17db74 SHA-256: e4d96300f62bc1397cc20b11401c75521d11f9c874f8eb3652867b50fc5c9b4c |
| NetworkManager-glib-devel-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 66a775914e427ebeaf8d773982a52f8f SHA-256: 0eb137bb63237d01e6a7fd6c16b5c22b39fe68abc196834df4458ac4603106f7 |
| NetworkManager-glib-devel-0.7.0-10.el5_5.1.x86_64.rpm File outdated by: RHBA-2011:1023 |
MD5: dfac6c57ac4370967cbbe606ae653915 SHA-256: 2a4b75e9ce2e3243eb160cf79ce869733df1d9f836e17a41c517dce93c43d4d9 |
| dbus-glib-devel-0.73-10.el5_5.i386.rpm | MD5: efef3ed259922a0a53899bfa909f0a36 SHA-256: 584aa20dcb48f4235ed247d03f337b997bd482d364632aa2d3a4f3e3102154f8 |
| dbus-glib-devel-0.73-10.el5_5.x86_64.rpm | MD5: 3e276da61a0749a4e1571bf052e00797 SHA-256: e07a8fa50d8b42e12407f7de4b4686d3edb4c2b393058eb7c5be48caf0b0d40c |
| Red Hat Enterprise Linux (v. 5 server) | |
| SRPMS: | |
| NetworkManager-0.7.0-10.el5_5.1.src.rpm File outdated by: RHBA-2011:1023 |
MD5: 98fd44717b267baf316651f82cb78854 SHA-256: 47e28c3b4c30b7218d0e4bb431e7846a192dd8799115bfbeaf6bbd3b2a788c18 |
| dbus-glib-0.73-10.el5_5.src.rpm | MD5: deac6c40655a54a803ff4fe1e1cbf3d4 SHA-256: 26eeef285492000bed744d4bc34e9189bfe84a6b92f5ac903156970b3ecf2e2d |
| IA-32: | |
| NetworkManager-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: d0d787b7ad97614b3662fc633e76a7c7 SHA-256: 3d74a1b7a5b2853601b9a00d67fd8ce65412eb6ad623b41b553d9b88b86b5d4b |
| NetworkManager-devel-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 979f850c8e1d2d3e730934334438f5e9 SHA-256: 502c2d8e8f656e075753a4a308918b0c19c69470f8558978c7a21eeb6f8825d4 |
| NetworkManager-glib-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 4f0eb4ea16dcc7a1135e582b06cd22c0 SHA-256: 3565f84cca7d8cdfb3d863c94f0b4ca04011b76c86bd4adeb2a562abc697ec47 |
| NetworkManager-glib-devel-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 66a775914e427ebeaf8d773982a52f8f SHA-256: 0eb137bb63237d01e6a7fd6c16b5c22b39fe68abc196834df4458ac4603106f7 |
| NetworkManager-gnome-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 79e7d55b153d1bb2356088c1bbb7da2c SHA-256: fbd8e925f49e32e17188114fc149fbdbcec4a9ccde1aa9a9cc8df2d75bdbdeb8 |
| dbus-glib-0.73-10.el5_5.i386.rpm | MD5: 639934cd8b567bbf65dd97597f20e569 SHA-256: 3ee5d948bfb0c197973915fba1278cb7be83391f88a186fa3c59d0c40ec9eb28 |
| dbus-glib-devel-0.73-10.el5_5.i386.rpm | MD5: efef3ed259922a0a53899bfa909f0a36 SHA-256: 584aa20dcb48f4235ed247d03f337b997bd482d364632aa2d3a4f3e3102154f8 |
| IA-64: | |
| NetworkManager-0.7.0-10.el5_5.1.ia64.rpm File outdated by: RHBA-2011:1023 |
MD5: 0f9d61aa20222ff00316459a814f9cc3 SHA-256: cca91844b58179b643dced86d510e84bdf089cce161fd2ea019b2b0c544bae14 |
| NetworkManager-devel-0.7.0-10.el5_5.1.ia64.rpm File outdated by: RHBA-2011:1023 |
MD5: b4b6b2faffdb793653e6e1031fbaa806 SHA-256: 91f2390ad02c9371864ca17c87414299656b9444615c9727c1038e731b402408 |
| NetworkManager-glib-0.7.0-10.el5_5.1.ia64.rpm File outdated by: RHBA-2011:1023 |
MD5: 3dd335943abe4b160dd280da658e1064 SHA-256: c425721496ca33d11dcc6a9c160338d7f283ae6fa9131943c22441fa3f5d53a8 |
| NetworkManager-glib-devel-0.7.0-10.el5_5.1.ia64.rpm File outdated by: RHBA-2011:1023 |
MD5: 918b0ecba3b0e350ca17997f74915ac4 SHA-256: 2f11511bb957ff8e8f4916168c72107b1279ac31837e3a5499fdc5243a575018 |
| NetworkManager-gnome-0.7.0-10.el5_5.1.ia64.rpm File outdated by: RHBA-2011:1023 |
MD5: fe43bcec96a530a4a54d110e596931a2 SHA-256: 0766509448806529b44bc1631653eb123f90e37f4c9e04a18f7138a2c17107ff |
| dbus-glib-0.73-10.el5_5.ia64.rpm | MD5: 34983e7e01eaaa40275443c1cc3fb25e SHA-256: d9827d50544db62d24c7bf98e25c21b596bb82b69d3b57ea0c6daf55fdfc297c |
| dbus-glib-devel-0.73-10.el5_5.ia64.rpm | MD5: 377573bb7e40d9055e016f996d90a7a8 SHA-256: d30f224f438cf9ffb872f4a6fc34d99275e3f11861d41f323b6349c972c31d41 |
| PPC: | |
| NetworkManager-0.7.0-10.el5_5.1.ppc.rpm File outdated by: RHBA-2011:1023 |
MD5: 28e2238f5d2ed62c18029b05c16da76e SHA-256: 4f76e4e6ca317f90c336c63770698a92c8007ab271edf9e6d47d5ef5943ffe41 |
| NetworkManager-0.7.0-10.el5_5.1.ppc64.rpm File outdated by: RHBA-2011:1023 |
MD5: 5051a0b109aae4d71b8042d2e92ad539 SHA-256: 9a36f22966b71799a462bcc339a8bad459a25842da79d314ce70753449c754e8 |
| NetworkManager-devel-0.7.0-10.el5_5.1.ppc.rpm File outdated by: RHBA-2011:1023 |
MD5: 009d478a8a49a95fd789bde4bd94356e SHA-256: a3928de1a5c065c0a3defed1c5581c8d317831daa646bed4749bdc7002718f5d |
| NetworkManager-devel-0.7.0-10.el5_5.1.ppc64.rpm File outdated by: RHBA-2011:1023 |
MD5: ddead255c4828c12840272fef63c5472 SHA-256: e24e8ce2e2ab099da977dd0f0d0bd5d2de85277885ebe4c0427f24c924d29be3 |
| NetworkManager-glib-0.7.0-10.el5_5.1.ppc.rpm File outdated by: RHBA-2011:1023 |
MD5: 9621f595750b3b62dc2535b1e9a74f7c SHA-256: e61519ebdbd7e6c73f707393b1003ef2ba06ceb057b8062ec79a045df7d460b2 |
| NetworkManager-glib-0.7.0-10.el5_5.1.ppc64.rpm File outdated by: RHBA-2011:1023 |
MD5: 04c618592713b26a4b2ccd9fef4f67a9 SHA-256: 3105ff322f14d882c2dcf4bdee59ec0a76fcb3e681079cba592638ee4413c44b |
| NetworkManager-glib-devel-0.7.0-10.el5_5.1.ppc.rpm File outdated by: RHBA-2011:1023 |
MD5: 32806be8eb5d28a8470c70f075020ebb SHA-256: 666b723d437b3f60a4c75e11e7e07eb09e012ec10e3a798615f1c8d73b89532f |
| NetworkManager-glib-devel-0.7.0-10.el5_5.1.ppc64.rpm File outdated by: RHBA-2011:1023 |
MD5: 3d4358513525b027b1e2e78a23a994d2 SHA-256: e26639c0be5ce87a17a0d8f17aff5b5f12b7763859e32711a1ffdeb932523927 |
| NetworkManager-gnome-0.7.0-10.el5_5.1.ppc.rpm File outdated by: RHBA-2011:1023 |
MD5: ddf33d58ff57e4aedd936859be719a3b SHA-256: 3f42061a1e862f0f23810f71b46a8fa8a6f15cccb95b23a744ab2eddd057d006 |
| dbus-glib-0.73-10.el5_5.ppc.rpm | MD5: 3572691c9136e6722a422686afbe815e SHA-256: 94a0c5bd61c974f09c5bfedd2f5ddb794a8e43247f2e298c53dc65e3eafd5bfa |
| dbus-glib-0.73-10.el5_5.ppc64.rpm | MD5: d5414c9f5710ddb92091c1f469031154 SHA-256: f158a5b2a63e8c78eef5c6f513ca9a4aa6d300874786113e30dc59d477323e0a |
| dbus-glib-devel-0.73-10.el5_5.ppc.rpm | MD5: f4f0d61b71670c96db1708e116078a10 SHA-256: 7787e94b376f6bbfa8fe67b93a6df2ada1c411b9086cf6ad7a6b0bfffd5bf64d |
| dbus-glib-devel-0.73-10.el5_5.ppc64.rpm | MD5: 0fb345e1ff51cbf8d1a56f136657a7c3 SHA-256: b1c1a2f0b8d9190dc56008583f97b71b4f0417be1669525918c1cebd13295c69 |
| s390x: | |
| dbus-glib-0.73-10.el5_5.s390.rpm | MD5: e62c700e62d88fd880fcda3140574b25 SHA-256: a6a0fe6e4a6a26c544df8660af7b05ffaaea96fff3a02b88d277ab8dcc3911f4 |
| dbus-glib-0.73-10.el5_5.s390x.rpm | MD5: 0456d41ab2fda14655cf88c5fb989ead SHA-256: b1e3a395e39ae413e61dca1fe9667e55f2c0a825d47573b82c462e811a8ab6ee |
| dbus-glib-devel-0.73-10.el5_5.s390.rpm | MD5: a1ca201a3f09de1a3409fc47e89f7d2f SHA-256: cf5d23c93d59b360f001263a52fbe66fc464610809e4b0a64dc6e478375b840c |
| dbus-glib-devel-0.73-10.el5_5.s390x.rpm | MD5: 1674fb338bb6bc8705f3cce80c6866c6 SHA-256: 00ef3540a5a46e03e6366078c3ee923f23ab6912cc227eec62cff3c7858d62be |
| x86_64: | |
| NetworkManager-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: d0d787b7ad97614b3662fc633e76a7c7 SHA-256: 3d74a1b7a5b2853601b9a00d67fd8ce65412eb6ad623b41b553d9b88b86b5d4b |
| NetworkManager-0.7.0-10.el5_5.1.x86_64.rpm File outdated by: RHBA-2011:1023 |
MD5: 615c599b929aa41dc17e16491891421e SHA-256: c80329fcd25d31d540262a103117821992f17be9e252282f1af3a2119a83c4c1 |
| NetworkManager-devel-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 979f850c8e1d2d3e730934334438f5e9 SHA-256: 502c2d8e8f656e075753a4a308918b0c19c69470f8558978c7a21eeb6f8825d4 |
| NetworkManager-devel-0.7.0-10.el5_5.1.x86_64.rpm File outdated by: RHBA-2011:1023 |
MD5: e96786505bb2b37d3f9333500b17db74 SHA-256: e4d96300f62bc1397cc20b11401c75521d11f9c874f8eb3652867b50fc5c9b4c |
| NetworkManager-glib-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 4f0eb4ea16dcc7a1135e582b06cd22c0 SHA-256: 3565f84cca7d8cdfb3d863c94f0b4ca04011b76c86bd4adeb2a562abc697ec47 |
| NetworkManager-glib-0.7.0-10.el5_5.1.x86_64.rpm File outdated by: RHBA-2011:1023 |
MD5: a67c4d2cddb4e2849eec1cd9379dc55e SHA-256: 943917fe47379e3617fac77c00cb5430aa1dc304ba0c359957b19c5e4593d3c5 |
| NetworkManager-glib-devel-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 66a775914e427ebeaf8d773982a52f8f SHA-256: 0eb137bb63237d01e6a7fd6c16b5c22b39fe68abc196834df4458ac4603106f7 |
| NetworkManager-glib-devel-0.7.0-10.el5_5.1.x86_64.rpm File outdated by: RHBA-2011:1023 |
MD5: dfac6c57ac4370967cbbe606ae653915 SHA-256: 2a4b75e9ce2e3243eb160cf79ce869733df1d9f836e17a41c517dce93c43d4d9 |
| NetworkManager-gnome-0.7.0-10.el5_5.1.x86_64.rpm File outdated by: RHBA-2011:1023 |
MD5: cc737e29c62899804f60252a86f406f4 SHA-256: c1c4e168242d208d3607484a9f2fc875b8f032342235009f4e467663fff47b39 |
| dbus-glib-0.73-10.el5_5.i386.rpm | MD5: 639934cd8b567bbf65dd97597f20e569 SHA-256: 3ee5d948bfb0c197973915fba1278cb7be83391f88a186fa3c59d0c40ec9eb28 |
| dbus-glib-0.73-10.el5_5.x86_64.rpm | MD5: 7525f395d4ed35c84147253850467ad0 SHA-256: ae0bf44c898790bbb419dc6d028ce997c261659460593a03afc546f8586c3e15 |
| dbus-glib-devel-0.73-10.el5_5.i386.rpm | MD5: efef3ed259922a0a53899bfa909f0a36 SHA-256: 584aa20dcb48f4235ed247d03f337b997bd482d364632aa2d3a4f3e3102154f8 |
| dbus-glib-devel-0.73-10.el5_5.x86_64.rpm | MD5: 3e276da61a0749a4e1571bf052e00797 SHA-256: e07a8fa50d8b42e12407f7de4b4686d3edb4c2b393058eb7c5be48caf0b0d40c |
| Red Hat Enterprise Linux Desktop (v. 5 client) | |
| SRPMS: | |
| NetworkManager-0.7.0-10.el5_5.1.src.rpm File outdated by: RHBA-2011:1023 |
MD5: 98fd44717b267baf316651f82cb78854 SHA-256: 47e28c3b4c30b7218d0e4bb431e7846a192dd8799115bfbeaf6bbd3b2a788c18 |
| dbus-glib-0.73-10.el5_5.src.rpm | MD5: deac6c40655a54a803ff4fe1e1cbf3d4 SHA-256: 26eeef285492000bed744d4bc34e9189bfe84a6b92f5ac903156970b3ecf2e2d |
| IA-32: | |
| NetworkManager-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: d0d787b7ad97614b3662fc633e76a7c7 SHA-256: 3d74a1b7a5b2853601b9a00d67fd8ce65412eb6ad623b41b553d9b88b86b5d4b |
| NetworkManager-devel-0.7.0-10.el5_5.1.i386.rpm | MD5: 979f850c8e1d2d3e730934334438f5e9 SHA-256: 502c2d8e8f656e075753a4a308918b0c19c69470f8558978c7a21eeb6f8825d4 |
| NetworkManager-glib-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 4f0eb4ea16dcc7a1135e582b06cd22c0 SHA-256: 3565f84cca7d8cdfb3d863c94f0b4ca04011b76c86bd4adeb2a562abc697ec47 |
| NetworkManager-glib-devel-0.7.0-10.el5_5.1.i386.rpm | MD5: 66a775914e427ebeaf8d773982a52f8f SHA-256: 0eb137bb63237d01e6a7fd6c16b5c22b39fe68abc196834df4458ac4603106f7 |
| NetworkManager-gnome-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 79e7d55b153d1bb2356088c1bbb7da2c SHA-256: fbd8e925f49e32e17188114fc149fbdbcec4a9ccde1aa9a9cc8df2d75bdbdeb8 |
| dbus-glib-0.73-10.el5_5.i386.rpm | MD5: 639934cd8b567bbf65dd97597f20e569 SHA-256: 3ee5d948bfb0c197973915fba1278cb7be83391f88a186fa3c59d0c40ec9eb28 |
| dbus-glib-devel-0.73-10.el5_5.i386.rpm | MD5: efef3ed259922a0a53899bfa909f0a36 SHA-256: 584aa20dcb48f4235ed247d03f337b997bd482d364632aa2d3a4f3e3102154f8 |
| x86_64: | |
| NetworkManager-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: d0d787b7ad97614b3662fc633e76a7c7 SHA-256: 3d74a1b7a5b2853601b9a00d67fd8ce65412eb6ad623b41b553d9b88b86b5d4b |
| NetworkManager-0.7.0-10.el5_5.1.x86_64.rpm File outdated by: RHBA-2011:1023 |
MD5: 615c599b929aa41dc17e16491891421e SHA-256: c80329fcd25d31d540262a103117821992f17be9e252282f1af3a2119a83c4c1 |
| NetworkManager-glib-0.7.0-10.el5_5.1.i386.rpm File outdated by: RHBA-2011:1023 |
MD5: 4f0eb4ea16dcc7a1135e582b06cd22c0 SHA-256: 3565f84cca7d8cdfb3d863c94f0b4ca04011b76c86bd4adeb2a562abc697ec47 |
| NetworkManager-glib-0.7.0-10.el5_5.1.x86_64.rpm File outdated by: RHBA-2011:1023 |
MD5: a67c4d2cddb4e2849eec1cd9379dc55e SHA-256: 943917fe47379e3617fac77c00cb5430aa1dc304ba0c359957b19c5e4593d3c5 |
| NetworkManager-gnome-0.7.0-10.el5_5.1.x86_64.rpm File outdated by: RHBA-2011:1023 |
MD5: cc737e29c62899804f60252a86f406f4 SHA-256: c1c4e168242d208d3607484a9f2fc875b8f032342235009f4e467663fff47b39 |
| dbus-glib-0.73-10.el5_5.i386.rpm | MD5: 639934cd8b567bbf65dd97597f20e569 SHA-256: 3ee5d948bfb0c197973915fba1278cb7be83391f88a186fa3c59d0c40ec9eb28 |
| dbus-glib-0.73-10.el5_5.x86_64.rpm | MD5: 7525f395d4ed35c84147253850467ad0 SHA-256: ae0bf44c898790bbb419dc6d028ce997c261659460593a03afc546f8586c3e15 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
585394 - CVE-2010-1172 dbus-glib: property access not validated
References
https://www.redhat.com/security/data/cve/CVE-2010-1172.html
http://www.redhat.com/security/updates/classification/#moderate
http://www.redhat.com/security/updates/classification/#moderate
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
