Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1658-1] New dbus packages fix denial of service (1/2)

From Thijs Kinkhorst@1:229/2 to All on Wed Oct 22 22:00:12 2008

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1658-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 22, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : dbus
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-3834
Debian Bug : 501443

Colin Walters discovered that the dbus_signature_validate function in
dbus, a simple interprocess messaging system, is prone to a denial of
service attack.

For the stable distribution (etch), this problem has been fixed in
version 1.0.2-1+etch2.

For the testing distribution (lenny) and unstable distribution (sid)
this problem will be fixed soon.

We recommend that you upgrade your dbus package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2.dsc
Size/MD5 checksum: 824 476bb3df500c50f67b4088317482e0ef
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2.diff.gz
Size/MD5 checksum: 19909 27df2fd0bc5cb93069d6c10d89e0214a
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz
Size/MD5 checksum: 1400278 0552a9b54beb4a044951b7cdbc8fc855

Architecture independent packages:

http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch2_all.deb
Size/MD5 checksum: 1623126 68e4e1787515928f95af670ec2677663

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_alpha.deb
Size/MD5 checksum: 403640 fa77ef6e2fc986018a1b6074b3ae9343
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_alpha.deb
Size/MD5 checksum: 184728 631b1a1ed1215eb05a696b40a72db26c
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_alpha.deb
Size/MD5 checksum: 378152 662bea6b7c1db00fdf933b53a2334f7d
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_alpha.deb
Size/MD5 checksum: 289022 3ebba7555c92b42fdfe9331c35fbafc6

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_amd64.deb
Size/MD5 checksum: 279202 dfbd440a6a800eea8ba2e46b692dd636
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_amd64.deb
Size/MD5 checksum: 348548 ccc32fdddbaca40a7e62cffc250d493a
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_amd64.deb
Size/MD5 checksum: 363840 fd13ad30b922eff52503762ba60d08e0
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_amd64.deb
Size/MD5 checksum: 184096 cb1028347d48476de045ad633939119a

arm architecture (ARM)

http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_arm.deb
Size/MD5 checksum: 331110 508d164df564a28f626b1941bf784bcd
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_arm.deb
Size/MD5 checksum: 183846 34fc9addad9e6e1858107a9382fc89e4
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_arm.deb
Size/MD5 checksum: 343302 dd43eeb35c44bb838d45d6324f9842fb
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_arm.deb
Size/MD5 checksum: 265858 e2438b408ec289d96454d30c971a1eeb

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_hppa.deb
Size/MD5 checksum: 184866 7b0aa00c72398485849a46c3a376b5a3
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_hppa.deb
Size/MD5 checksum: 375644 6146db75333cc23bcf98184886e2358f
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_hppa.deb
Size/MD5 checksum: 362346 5002551bf82c33092fdd3fee8356078d
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_hppa.deb
Size/MD5 checksum: 285994 55964151812beb09104dadc5fe883ded

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_i386.deb
Size/MD5 checksum: 335874 116b0084af4713242092e2b07a64734f
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_i386.deb
Size/MD5 checksum: 349844 cfa20eea1e6e8be195d520199e8415c6
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_i386.deb
Size/MD5 checksum: 184284 98c8270b762a20bffc194124562c2a68
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_i386.deb
Size/MD5 checksum: 269032 ebf1993ab8d40f4d10becd43324c3fb7

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_ia64.deb
Size/MD5 checksum: 439328 0e4d4761c026e5d1a1d0fec1a2e2cc59
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_ia64.deb
Size/MD5 checksum: 186576 9a83ca03b18ba3bbaa0e976c73e5ee49
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_ia64.deb
Size/MD5 checksum: 411494 c4e44af1f20c10c57205270249f337a9
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_ia64.deb
Size/MD5 checksum: 322378 94081937e3524ee2faecb311d0b55772

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_mips.deb
Size/MD5 checksum: 370622 4bdcd5653af2b8d82005e4f517b9b4b4
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_mips.deb
Size/MD5 checksum: 183866 413cae07b1a9058a0c6aebdd7f8ea027
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_mips.deb
Size/MD5 checksum: 272250 6d0e938439d3eb8ca62606630b8c3703

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Regen
  Tue Jun 9 16:45:02 2026
  from Brooklyn, Ny via Telnet
- Bob Worm
  Tue Jun 9 14:47:58 2026
  from Wales, Uk via Telnet
- Krenn
  Tue Jun 9 11:18:15 2026
  from Sydney, Nsw via Telnet
- Bob Worm
  Tue Jun 9 10:31:07 2026
  from Wales, Uk via Telnet
- Centurion
  Mon Jun 8 23:30:43 2026
  from Berea, Ohio via Telnet
- Centurion
  Mon Jun 8 21:33:11 2026
  from Berea, Ohio via Telnet
- Bob Worm
  Mon Jun 8 20:15:00 2026
  from Wales, Uk via Telnet
- Bob Worm
  Mon Jun 8 16:33:22 2026
  from Wales, Uk via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	716
Nodes:	16 (3 / 13)
Uptime:	48:36:21
Calls:	12,113
Calls today:	4
Files:	15,010
Messages:	6,518,521

[SECURITY] [DSA 1658-1] New dbus packages fix denial of service (1/2)

Who's Online

Recent Visitors

System Info