Synopsis

Moderate: dbus security update

Type/Severity

Security Advisory: Moderate

Topic

Updated dbus packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.

A denial-of-service flaw was discovered in the system for sending messages
between applications. A local user could send a message with a malformed
signature to the bus causing the bus (and, consequently, any process using
libdbus to receive messages) to abort. (CVE-2008-3834)

All users are advised to upgrade to these updated dbus packages, which
contain backported patch which resolve this issue. For the update to take
effect, all running instances of dbus-daemon and all running applications
using libdbus library must be restarted, or the system rebooted.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 ia64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 464674 - CVE-2008-3834 dbus denial of service

CVEs

• CVE-2008-3834

References

• http://www.redhat.com/security/updates/classification/#moderate

Red Hat Enterprise Linux Server 5

SRPM
dbus-1.0.0-7.el5_2.1.src.rpm	SHA-256: 3ba0f70258231a55bfd241367fc78ae06a7c3455b5f041f269d80b69a8478b87
x86_64
dbus-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 407d63954ac7138aa47938c30a64b307474989c5cd014b31262b05fec10b096f
dbus-1.0.0-7.el5_2.1.x86_64.rpm	SHA-256: dff4e158665341166f7397efebd25c9fe1b116bbec5390a72e25b5cb0914d52a
dbus-devel-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 9cace0a32779ff2646c94fbc93da2f6a9171831277361ff02b8866027ca4b9c4
dbus-devel-1.0.0-7.el5_2.1.x86_64.rpm	SHA-256: b4780740ca0030a0589157e988c6bd8ca480f521366906e45935fb192ae094f4
dbus-x11-1.0.0-7.el5_2.1.x86_64.rpm	SHA-256: bc3046d15ea5712d8dd13cbe13ac1cc6270beea912148a663f91ba4bbf82c2f8
ia64
dbus-1.0.0-7.el5_2.1.ia64.rpm	SHA-256: be6e3fe9c6a8a50779807b8ce0d41a3008a26b2a2b37fa5b9ebfc0e413792721
dbus-devel-1.0.0-7.el5_2.1.ia64.rpm	SHA-256: 5d347d3c4091cb82bce45bf17a32dacd5058ea6090a74324007f525d901d92e3
dbus-x11-1.0.0-7.el5_2.1.ia64.rpm	SHA-256: 40f0f0eb8c0aac3dfd560836b7117e907e7b7d5aab0dea981ba6ad78e2b6d440
i386
dbus-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 407d63954ac7138aa47938c30a64b307474989c5cd014b31262b05fec10b096f
dbus-devel-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 9cace0a32779ff2646c94fbc93da2f6a9171831277361ff02b8866027ca4b9c4
dbus-x11-1.0.0-7.el5_2.1.i386.rpm	SHA-256: bd712f62d50c0b57ad2f445760c0f20529fa45a6ac33164bd26741fed1c02e2e

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
dbus-1.0.0-7.el5_2.1.src.rpm	SHA-256: 3ba0f70258231a55bfd241367fc78ae06a7c3455b5f041f269d80b69a8478b87
x86_64
dbus-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 407d63954ac7138aa47938c30a64b307474989c5cd014b31262b05fec10b096f
dbus-1.0.0-7.el5_2.1.x86_64.rpm	SHA-256: dff4e158665341166f7397efebd25c9fe1b116bbec5390a72e25b5cb0914d52a
dbus-devel-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 9cace0a32779ff2646c94fbc93da2f6a9171831277361ff02b8866027ca4b9c4
dbus-devel-1.0.0-7.el5_2.1.x86_64.rpm	SHA-256: b4780740ca0030a0589157e988c6bd8ca480f521366906e45935fb192ae094f4
dbus-x11-1.0.0-7.el5_2.1.x86_64.rpm	SHA-256: bc3046d15ea5712d8dd13cbe13ac1cc6270beea912148a663f91ba4bbf82c2f8
i386
dbus-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 407d63954ac7138aa47938c30a64b307474989c5cd014b31262b05fec10b096f
dbus-devel-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 9cace0a32779ff2646c94fbc93da2f6a9171831277361ff02b8866027ca4b9c4
dbus-x11-1.0.0-7.el5_2.1.i386.rpm	SHA-256: bd712f62d50c0b57ad2f445760c0f20529fa45a6ac33164bd26741fed1c02e2e

Red Hat Enterprise Linux Desktop 5

SRPM
dbus-1.0.0-7.el5_2.1.src.rpm	SHA-256: 3ba0f70258231a55bfd241367fc78ae06a7c3455b5f041f269d80b69a8478b87
x86_64
dbus-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 407d63954ac7138aa47938c30a64b307474989c5cd014b31262b05fec10b096f
dbus-1.0.0-7.el5_2.1.x86_64.rpm	SHA-256: dff4e158665341166f7397efebd25c9fe1b116bbec5390a72e25b5cb0914d52a
dbus-x11-1.0.0-7.el5_2.1.x86_64.rpm	SHA-256: bc3046d15ea5712d8dd13cbe13ac1cc6270beea912148a663f91ba4bbf82c2f8
i386
dbus-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 407d63954ac7138aa47938c30a64b307474989c5cd014b31262b05fec10b096f
dbus-x11-1.0.0-7.el5_2.1.i386.rpm	SHA-256: bd712f62d50c0b57ad2f445760c0f20529fa45a6ac33164bd26741fed1c02e2e

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
dbus-1.0.0-7.el5_2.1.src.rpm	SHA-256: 3ba0f70258231a55bfd241367fc78ae06a7c3455b5f041f269d80b69a8478b87
s390x
dbus-1.0.0-7.el5_2.1.s390.rpm	SHA-256: cb55a74aee991c02026f929b8b5c59deb86e4872d38893b52a6b680ee1df1c0c
dbus-1.0.0-7.el5_2.1.s390x.rpm	SHA-256: 2cd13e5c98970e9b4e38d6972425e92341fffb4239105dbffd7b36285e3049db
dbus-devel-1.0.0-7.el5_2.1.s390.rpm	SHA-256: cb5964a4b42c961a0aeef7603f47e49890d165d3ce46faf5ef785651a34a8ed7
dbus-devel-1.0.0-7.el5_2.1.s390x.rpm	SHA-256: 114f9ecb0c2369929d8249a0967f8fc17aba8c5a44f38d2511517136aaf1f6bb
dbus-x11-1.0.0-7.el5_2.1.s390x.rpm	SHA-256: 6ce4914727b682be5b8e12fd7958807685d0078351d501c61aba40ec61c99dd3

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
dbus-1.0.0-7.el5_2.1.src.rpm	SHA-256: 3ba0f70258231a55bfd241367fc78ae06a7c3455b5f041f269d80b69a8478b87
ppc
dbus-1.0.0-7.el5_2.1.ppc.rpm	SHA-256: 69bd2136983472ac14502c758ab578b55aa0d57443780cdd1eba5e9eefe339e1
dbus-1.0.0-7.el5_2.1.ppc64.rpm	SHA-256: 658787968f30cad772c43ffe31f7d121f0ae98b2929d12349d55b8e9edf5de24
dbus-devel-1.0.0-7.el5_2.1.ppc.rpm	SHA-256: f3422d2b712d3cc9fe74a4b253eaccb9c123af722793eda0dea52710f063fd1b
dbus-devel-1.0.0-7.el5_2.1.ppc64.rpm	SHA-256: b73871e3fa6c0f8b4b26db06dea70af11386907379d505616f354d79f67f86a2
dbus-x11-1.0.0-7.el5_2.1.ppc.rpm	SHA-256: 70beb237be2da2e16baa7678ee1d024c0464454d420c563e00ca869553228721

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2

SRPM
ppc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
dbus-1.0.0-7.el5_2.1.src.rpm	SHA-256: 3ba0f70258231a55bfd241367fc78ae06a7c3455b5f041f269d80b69a8478b87
x86_64
dbus-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 407d63954ac7138aa47938c30a64b307474989c5cd014b31262b05fec10b096f
dbus-1.0.0-7.el5_2.1.x86_64.rpm	SHA-256: dff4e158665341166f7397efebd25c9fe1b116bbec5390a72e25b5cb0914d52a
dbus-devel-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 9cace0a32779ff2646c94fbc93da2f6a9171831277361ff02b8866027ca4b9c4
dbus-devel-1.0.0-7.el5_2.1.x86_64.rpm	SHA-256: b4780740ca0030a0589157e988c6bd8ca480f521366906e45935fb192ae094f4
dbus-x11-1.0.0-7.el5_2.1.x86_64.rpm	SHA-256: bc3046d15ea5712d8dd13cbe13ac1cc6270beea912148a663f91ba4bbf82c2f8
i386
dbus-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 407d63954ac7138aa47938c30a64b307474989c5cd014b31262b05fec10b096f
dbus-devel-1.0.0-7.el5_2.1.i386.rpm	SHA-256: 9cace0a32779ff2646c94fbc93da2f6a9171831277361ff02b8866027ca4b9c4
dbus-x11-1.0.0-7.el5_2.1.i386.rpm	SHA-256: bd712f62d50c0b57ad2f445760c0f20529fa45a6ac33164bd26741fed1c02e2e