Issued:
2008-02-27
Updated:
2008-02-27

RHSA-2008:0159 - Security Advisory

Synopsis

Moderate: dbus security update

Type/Severity

Security Advisory: Moderate

Topic

Updated dbus packages that fix an issue with circumventing the security
policy are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

D-Bus is a system for sending messages between applications. It is used
both for the system-wide message bus service, and as a
per-user-login-session messaging facility.

Havoc Pennington discovered a flaw in the way the dbus-daemon applies its
security policy. A user with the ability to connect to the dbus-daemon may
be able to execute certain method calls they should normally not have
permission to access. (CVE-2008-0595)

Red Hat does not ship any applications in Red Hat Enterprise Linux 5 that
would allow a user to leverage this flaw to elevate their privileges.

This flaw does not affect the version of D-Bus shipped in Red Hat
Enterprise Linux 4.

All users are advised to upgrade to these updated dbus packages, which
contain a backported patch and are not vulnerable to this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 5.1 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.1 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.1 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 432419 - CVE-2008-0595 dbus security policy circumvention

CVEs

References

Red Hat Enterprise Linux Server 5

SRPM
dbus-1.0.0-6.3.el5_1.src.rpm SHA-256: db6a0784d56ae2826461c6d47598a522b4f67792a96d6b2dca3de3db32d3d471
x86_64
dbus-1.0.0-6.3.el5_1.i386.rpm SHA-256: 0ddee384af928a69de084937ee3f1a3ca0fcf69f9044daef5f06e98747a7480f
dbus-1.0.0-6.3.el5_1.x86_64.rpm SHA-256: 8eb64905a2cac817c04cda396288476c4c1c178f16f86baaac4a50240884a581
dbus-devel-1.0.0-6.3.el5_1.i386.rpm SHA-256: d3b3929ca5f07647e2d603dd10f5d7c4759ad4f84e4d8edd29d739e05a19d1e6
dbus-devel-1.0.0-6.3.el5_1.x86_64.rpm SHA-256: eadd675fdb712cb640751faa166714ac7ffaad1c736b1432365f10c3e4c5f2ad
dbus-x11-1.0.0-6.3.el5_1.x86_64.rpm SHA-256: b936931ddacbdde287fc9bcc5007a5c6921023fef5981b5a7859b189c65a966e
ia64
dbus-1.0.0-6.3.el5_1.ia64.rpm SHA-256: ae340792de406a79cc5121c3a2d31dec890a9b893a6ed3a82862a401c23cde9b
dbus-devel-1.0.0-6.3.el5_1.ia64.rpm SHA-256: 3cd0874a2f4d0681444c4a565d50328aadb03764bc0961a791768306e72c7af6
dbus-x11-1.0.0-6.3.el5_1.ia64.rpm SHA-256: 24db2840831a0997fcbdd1401d6b5d33fb9994e49b0453f1c0dad2801a8037c1
i386
dbus-1.0.0-6.3.el5_1.i386.rpm SHA-256: 0ddee384af928a69de084937ee3f1a3ca0fcf69f9044daef5f06e98747a7480f
dbus-devel-1.0.0-6.3.el5_1.i386.rpm SHA-256: d3b3929ca5f07647e2d603dd10f5d7c4759ad4f84e4d8edd29d739e05a19d1e6
dbus-x11-1.0.0-6.3.el5_1.i386.rpm SHA-256: 1ce10adf895bdd628553acfe106eaf841e2f0f9875253dd5a4183146094643cb

Red Hat Enterprise Linux Workstation 5

SRPM
dbus-1.0.0-6.3.el5_1.src.rpm SHA-256: db6a0784d56ae2826461c6d47598a522b4f67792a96d6b2dca3de3db32d3d471
x86_64
dbus-1.0.0-6.3.el5_1.i386.rpm SHA-256: 0ddee384af928a69de084937ee3f1a3ca0fcf69f9044daef5f06e98747a7480f
dbus-1.0.0-6.3.el5_1.x86_64.rpm SHA-256: 8eb64905a2cac817c04cda396288476c4c1c178f16f86baaac4a50240884a581
dbus-devel-1.0.0-6.3.el5_1.i386.rpm SHA-256: d3b3929ca5f07647e2d603dd10f5d7c4759ad4f84e4d8edd29d739e05a19d1e6
dbus-devel-1.0.0-6.3.el5_1.x86_64.rpm SHA-256: eadd675fdb712cb640751faa166714ac7ffaad1c736b1432365f10c3e4c5f2ad
dbus-x11-1.0.0-6.3.el5_1.x86_64.rpm SHA-256: b936931ddacbdde287fc9bcc5007a5c6921023fef5981b5a7859b189c65a966e
i386
dbus-1.0.0-6.3.el5_1.i386.rpm SHA-256: 0ddee384af928a69de084937ee3f1a3ca0fcf69f9044daef5f06e98747a7480f
dbus-devel-1.0.0-6.3.el5_1.i386.rpm SHA-256: d3b3929ca5f07647e2d603dd10f5d7c4759ad4f84e4d8edd29d739e05a19d1e6
dbus-x11-1.0.0-6.3.el5_1.i386.rpm SHA-256: 1ce10adf895bdd628553acfe106eaf841e2f0f9875253dd5a4183146094643cb

Red Hat Enterprise Linux Desktop 5

SRPM
dbus-1.0.0-6.3.el5_1.src.rpm SHA-256: db6a0784d56ae2826461c6d47598a522b4f67792a96d6b2dca3de3db32d3d471
x86_64
dbus-1.0.0-6.3.el5_1.i386.rpm SHA-256: 0ddee384af928a69de084937ee3f1a3ca0fcf69f9044daef5f06e98747a7480f
dbus-1.0.0-6.3.el5_1.x86_64.rpm SHA-256: 8eb64905a2cac817c04cda396288476c4c1c178f16f86baaac4a50240884a581
dbus-x11-1.0.0-6.3.el5_1.x86_64.rpm SHA-256: b936931ddacbdde287fc9bcc5007a5c6921023fef5981b5a7859b189c65a966e
i386
dbus-1.0.0-6.3.el5_1.i386.rpm SHA-256: 0ddee384af928a69de084937ee3f1a3ca0fcf69f9044daef5f06e98747a7480f
dbus-x11-1.0.0-6.3.el5_1.i386.rpm SHA-256: 1ce10adf895bdd628553acfe106eaf841e2f0f9875253dd5a4183146094643cb

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
dbus-1.0.0-6.3.el5_1.src.rpm SHA-256: db6a0784d56ae2826461c6d47598a522b4f67792a96d6b2dca3de3db32d3d471
s390x
dbus-1.0.0-6.3.el5_1.s390.rpm SHA-256: 11842eac80aa3666d4556db7eae0f95e07956b4f04518a785832f8305b1f5356
dbus-1.0.0-6.3.el5_1.s390x.rpm SHA-256: a1dfdbc3d6ded698717844e9cb4be627c79e22bf2a7c42520c9bdfcc058bc167
dbus-devel-1.0.0-6.3.el5_1.s390.rpm SHA-256: 77a2d43b09c0c51341b521ed211f5a5065f0f7b23e678d811e90f0ba60015bc8
dbus-devel-1.0.0-6.3.el5_1.s390x.rpm SHA-256: 834b4402076834bbeadf4442a7caf0a3ca6fe26df7f4d3269f77e1fcc86b02e7
dbus-x11-1.0.0-6.3.el5_1.s390x.rpm SHA-256: e0d6f7a9d410ddf8e90b17dd46b7ccf9ee8dd7ad54217d489957893d9c87565c

Red Hat Enterprise Linux for Power, big endian 5

SRPM
dbus-1.0.0-6.3.el5_1.src.rpm SHA-256: db6a0784d56ae2826461c6d47598a522b4f67792a96d6b2dca3de3db32d3d471
ppc
dbus-1.0.0-6.3.el5_1.ppc.rpm SHA-256: 79d245adaea84e4beaf6c79a351b6f8f6679c963beb90314c937be8472718adc
dbus-1.0.0-6.3.el5_1.ppc64.rpm SHA-256: b72140526b7de3d27d7f82caedf5a1cf8f1242bcd9a5ec893d78843e69602508
dbus-devel-1.0.0-6.3.el5_1.ppc.rpm SHA-256: 93d7cdab8469f031ef18191e9f0b528054c48824857aed531145d03da19a2e05
dbus-devel-1.0.0-6.3.el5_1.ppc64.rpm SHA-256: 684f34e7f522093fa4048da7328093e5123046f591fd732d182fdd86b8a83db3
dbus-x11-1.0.0-6.3.el5_1.ppc.rpm SHA-256: e9f55caa6eacb5c37d44bcc874aba1f0bfe3cb1839fa3d2a73d9032f5affcc9b

Red Hat Enterprise Linux Server from RHUI 5

SRPM
dbus-1.0.0-6.3.el5_1.src.rpm SHA-256: db6a0784d56ae2826461c6d47598a522b4f67792a96d6b2dca3de3db32d3d471
x86_64
dbus-1.0.0-6.3.el5_1.i386.rpm SHA-256: 0ddee384af928a69de084937ee3f1a3ca0fcf69f9044daef5f06e98747a7480f
dbus-1.0.0-6.3.el5_1.x86_64.rpm SHA-256: 8eb64905a2cac817c04cda396288476c4c1c178f16f86baaac4a50240884a581
dbus-devel-1.0.0-6.3.el5_1.i386.rpm SHA-256: d3b3929ca5f07647e2d603dd10f5d7c4759ad4f84e4d8edd29d739e05a19d1e6
dbus-devel-1.0.0-6.3.el5_1.x86_64.rpm SHA-256: eadd675fdb712cb640751faa166714ac7ffaad1c736b1432365f10c3e4c5f2ad
dbus-x11-1.0.0-6.3.el5_1.x86_64.rpm SHA-256: b936931ddacbdde287fc9bcc5007a5c6921023fef5981b5a7859b189c65a966e
i386
dbus-1.0.0-6.3.el5_1.i386.rpm SHA-256: 0ddee384af928a69de084937ee3f1a3ca0fcf69f9044daef5f06e98747a7480f
dbus-devel-1.0.0-6.3.el5_1.i386.rpm SHA-256: d3b3929ca5f07647e2d603dd10f5d7c4759ad4f84e4d8edd29d739e05a19d1e6
dbus-x11-1.0.0-6.3.el5_1.i386.rpm SHA-256: 1ce10adf895bdd628553acfe106eaf841e2f0f9875253dd5a4183146094643cb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.