Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1837-1] New dbus packages fix denial of service (1/3)

From Steffen Joeris@1:229/2 to All on Sat Jul 18 11:00:14 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1837-1 [email protected] http://www.debian.org/security/ Steffen Joeris
July 18, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : dbus
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id : CVE-2009-1189
Debian Bug : 532720

It was discovered that the dbus_signature_validate function in
dbus, a simple interprocess messaging system, is prone to a denial of
service attack. This issue was caused by an incorrect fix for
DSA-1658-1.

For the stable distribution (lenny), this problem has been fixed in
version 1.2.1-5+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 1.0.2-1+etch3.

Packages for ia64 and s390 will be released once they are available.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1.2.14-1.

We recommend that you upgrade your dbus packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.diff.gz
Size/MD5 checksum: 20482 fd114e50577aade0211a25bc05ac064d
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz
Size/MD5 checksum: 1400278 0552a9b54beb4a044951b7cdbc8fc855
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.dsc
Size/MD5 checksum: 824 0befb91739de13f92197336b6a3f3f06

Architecture independent packages:

http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch3_all.deb
Size/MD5 checksum: 1622204 67e2242179a8af1f3a7363d0d9728702

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_alpha.deb
Size/MD5 checksum: 289142 2da5aaed2ca0e1dfe4627f2d51923a1a
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_alpha.deb
Size/MD5 checksum: 184834 a14af28f5651f06cd41f4aa8b264d486
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_alpha.deb
Size/MD5 checksum: 378214 95128d7c15be44464dd1a785788fdc3d
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_alpha.deb
Size/MD5 checksum: 403766 5facc50da806d2f82a1ca839e045035d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_amd64.deb
Size/MD5 checksum: 279294 6b0085ce0a01a81a13b068759de269b8
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_amd64.deb
Size/MD5 checksum: 348654 4d1f1c1d5c074be51b777b93b332eaf7
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_amd64.deb
Size/MD5 checksum: 363928 54ed19ba7cbd0dd3475827c6e6df5acf
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_amd64.deb
Size/MD5 checksum: 184200 e5bc33b1e7dbfea9c372a3056e3f1848

arm architecture (ARM)

http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_arm.deb
Size/MD5 checksum: 343960 e7c6c2269903d8dbd4422103a9e1edaf
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_arm.deb
Size/MD5 checksum: 265322 4e7ce3fca8c685e540092e70474e6fbd
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_arm.deb
Size/MD5 checksum: 330958 cee5e85136606605bd290035d9452f90
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_arm.deb
Size/MD5 checksum: 183240 d7e3c477f4f4fbbc49c04b035e92ff2a

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_hppa.deb
Size/MD5 checksum: 374136 7d297f74e9fde26e726f06f321208dae
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_hppa.deb
Size/MD5 checksum: 286074 0a55d6aa6400d4d5750ebd92e9de7aab
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_hppa.deb
Size/MD5 checksum: 362166 013680aca7b38c66292a8727855bfc06
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_hppa.deb
Size/MD5 checksum: 184934 061417fe2e791b5bc7abf62398b3a8a8

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_i386.deb
Size/MD5 checksum: 335758 605f4f911d8445b74cbd46ede0fcfb89
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_i386.deb
Size/MD5 checksum: 268688 c64ca51e9e04d1e961a8db7132ba4e08
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_i386.deb
Size/MD5 checksum: 184134 58672102a58bca326f4ba09c5bf3666a
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_i386.deb
Size/MD5 checksum: 348012 ae8f836c9e5b631eb421f3b86dc78f49

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mips.deb
Size/MD5 checksum: 370052 f8ea51037f985d6b8f2a288b9a813ccd
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mips.deb
Size/MD5 checksum: 359844 b0b0956206921cff260c531aa9286f21
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mips.deb
Size/MD5 checksum: 184240 4dd808980afe395d6909549614fab214
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mips.deb
Size/MD5 checksum: 272764 7ceea85232267e0a80f4fd5cb38ddf09

mipsel architecture (MIPS (Little Endian))

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	714
Nodes:	16 (2 / 14)
Uptime:	140:08:16
Calls:	12,087
Files:	14,998
Messages:	6,517,420

[SECURITY] [DSA 1837-1] New dbus packages fix denial of service (1/3)

Who's Online

System Info