Red Hat Product Errata RHSA-2010:0018 - Security Advisory

Issued:: 2010-01-07
Updated:: 2010-01-07

RHSA-2010:0018 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: dbus security update

Type/Severity

Security Advisory: Moderate

Topic

Updated dbus packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.

It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did
not correctly fix the denial of service flaw in the system for sending
messages between applications. A local user could use this flaw to send a
message with a malformed signature to the bus, causing the bus (and,
consequently, any process using libdbus to receive messages) to abort.
(CVE-2009-1189)

Note: Users running any application providing services over the system
message bus are advised to test this update carefully before deploying it
in production environments.

All users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. For the update to take effect, all
running instances of dbus-daemon and all running applications using the
libdbus library must be restarted, or the system rebooted.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 496672 - CVE-2009-1189 dbus: invalid fix for CVE-2008-3834

CVEs

CVE-2009-1189

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
dbus-1.1.2-12.el5_4.1.src.rpm	SHA-256: b773890477f54322bc74d902b700af8939b8136c3a096297384825c5eb35654a
x86_64
dbus-1.1.2-12.el5_4.1.i386.rpm	SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: fa9274f45bee8686556bbb46d7528bb1d1dbfc74658a10d011a0619392206d73
dbus-devel-1.1.2-12.el5_4.1.i386.rpm	SHA-256: f538976a60369a70486f78eb63e33d7d5a982d3afabcdda80d5ae95debd556d4
dbus-devel-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: 46d46521c27dc8f6e74dc64c81bb63b148f98d934c10f7baf3a831cf7eff5976
dbus-libs-1.1.2-12.el5_4.1.i386.rpm	SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: f3ce3cdc5009d9591cbb6a2723a852dcecfbd5cb39b9f8ca1704296224070bbf
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: 8a2549a898f18e91233c5cf19c41d371dd81a93c9e09042e9d23906b780c07f2
ia64
dbus-1.1.2-12.el5_4.1.ia64.rpm	SHA-256: f8dde37e28c9f19c13f1ab75c0f4dea7ec7ec8ee68aa20f5b0c1445a3b0a13c7
dbus-devel-1.1.2-12.el5_4.1.ia64.rpm	SHA-256: 155832b819cf5ad9551405e61ed3695124d72b0784fab898d7a4873af00c29a1
dbus-libs-1.1.2-12.el5_4.1.ia64.rpm	SHA-256: 79f1d2cb064e29f3db238ada2c449766b28c296823aaf1ada91db03c9930405d
dbus-x11-1.1.2-12.el5_4.1.ia64.rpm	SHA-256: a419aa0e1a38f27e4ca40b86ff6003d0e1b9a7b01f237e4c1fda1f4270077b72
i386
dbus-1.1.2-12.el5_4.1.i386.rpm	SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-devel-1.1.2-12.el5_4.1.i386.rpm	SHA-256: f538976a60369a70486f78eb63e33d7d5a982d3afabcdda80d5ae95debd556d4
dbus-libs-1.1.2-12.el5_4.1.i386.rpm	SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-x11-1.1.2-12.el5_4.1.i386.rpm	SHA-256: d4ad8e7d3d3eae840522b1766af3a7da3d0e09a38b3a98eb07c17ee7332a584d

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
dbus-1.1.2-12.el5_4.1.src.rpm	SHA-256: b773890477f54322bc74d902b700af8939b8136c3a096297384825c5eb35654a
x86_64
dbus-1.1.2-12.el5_4.1.i386.rpm	SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: fa9274f45bee8686556bbb46d7528bb1d1dbfc74658a10d011a0619392206d73
dbus-devel-1.1.2-12.el5_4.1.i386.rpm	SHA-256: f538976a60369a70486f78eb63e33d7d5a982d3afabcdda80d5ae95debd556d4
dbus-devel-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: 46d46521c27dc8f6e74dc64c81bb63b148f98d934c10f7baf3a831cf7eff5976
dbus-libs-1.1.2-12.el5_4.1.i386.rpm	SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: f3ce3cdc5009d9591cbb6a2723a852dcecfbd5cb39b9f8ca1704296224070bbf
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: 8a2549a898f18e91233c5cf19c41d371dd81a93c9e09042e9d23906b780c07f2
i386
dbus-1.1.2-12.el5_4.1.i386.rpm	SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-devel-1.1.2-12.el5_4.1.i386.rpm	SHA-256: f538976a60369a70486f78eb63e33d7d5a982d3afabcdda80d5ae95debd556d4
dbus-libs-1.1.2-12.el5_4.1.i386.rpm	SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-x11-1.1.2-12.el5_4.1.i386.rpm	SHA-256: d4ad8e7d3d3eae840522b1766af3a7da3d0e09a38b3a98eb07c17ee7332a584d

Red Hat Enterprise Linux Desktop 5

SRPM
dbus-1.1.2-12.el5_4.1.src.rpm	SHA-256: b773890477f54322bc74d902b700af8939b8136c3a096297384825c5eb35654a
x86_64
dbus-1.1.2-12.el5_4.1.i386.rpm	SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: fa9274f45bee8686556bbb46d7528bb1d1dbfc74658a10d011a0619392206d73
dbus-libs-1.1.2-12.el5_4.1.i386.rpm	SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: f3ce3cdc5009d9591cbb6a2723a852dcecfbd5cb39b9f8ca1704296224070bbf
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: 8a2549a898f18e91233c5cf19c41d371dd81a93c9e09042e9d23906b780c07f2
i386
dbus-1.1.2-12.el5_4.1.i386.rpm	SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-libs-1.1.2-12.el5_4.1.i386.rpm	SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-x11-1.1.2-12.el5_4.1.i386.rpm	SHA-256: d4ad8e7d3d3eae840522b1766af3a7da3d0e09a38b3a98eb07c17ee7332a584d

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
dbus-1.1.2-12.el5_4.1.src.rpm	SHA-256: b773890477f54322bc74d902b700af8939b8136c3a096297384825c5eb35654a
s390x
dbus-1.1.2-12.el5_4.1.s390.rpm	SHA-256: a65552eca37e0c7ad81bb9f1fd369a3e363a2307563968d3651eaf6a755cac81
dbus-1.1.2-12.el5_4.1.s390x.rpm	SHA-256: 142c020d9b652f77c3995b3e404d5d0d718f2552ba415c59bebe957c0f6a386a
dbus-devel-1.1.2-12.el5_4.1.s390.rpm	SHA-256: 654336eae41ba8cb9cd5e81c938d12ad75602779448ea9bfa552c86ff1806c1e
dbus-devel-1.1.2-12.el5_4.1.s390x.rpm	SHA-256: 85b5c9783db9a79e715d0dd124ec130a567c37d13e21a536d6ef52ce2aee7ce1
dbus-libs-1.1.2-12.el5_4.1.s390.rpm	SHA-256: feb8d6b2b5854f6a09d574831314b944f4adf81e11d5e2bc46c75048f67aac7c
dbus-libs-1.1.2-12.el5_4.1.s390x.rpm	SHA-256: e3ccdedcc8ab5bce4b95773a492d50eeeb2cdb2606637635f638d0bd5189626d
dbus-x11-1.1.2-12.el5_4.1.s390x.rpm	SHA-256: f7776e91fbbe6481b2d0f44fd6f98b44f8db339c31d792c275dca7e2992e26f1

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
dbus-1.1.2-12.el5_4.1.src.rpm	SHA-256: b773890477f54322bc74d902b700af8939b8136c3a096297384825c5eb35654a
ppc
dbus-1.1.2-12.el5_4.1.ppc.rpm	SHA-256: 7f93e90d6d03ac01d6d571e1842d976dff98015c96b87d3aeeb2a160138cab18
dbus-1.1.2-12.el5_4.1.ppc64.rpm	SHA-256: f7f3d8ffd7740a8b668bcec51faa7255cbc8b9b2cb7d790b1debcc0c08388e6e
dbus-devel-1.1.2-12.el5_4.1.ppc.rpm	SHA-256: 69af324e0dbc42c0dbeda99c45b955eedc5adfd7cbc4fd2dcbc8276f1986ea03
dbus-devel-1.1.2-12.el5_4.1.ppc64.rpm	SHA-256: a924dee09e73aed13bf55a7d18ec2f4993273e2716f2454c73c8e26ef60ae315
dbus-libs-1.1.2-12.el5_4.1.ppc.rpm	SHA-256: 85e84bfd4933f7173696280c5098e037cd1169192f39714062de75a18278ba25
dbus-libs-1.1.2-12.el5_4.1.ppc64.rpm	SHA-256: 79299628385cee9c647391e2cd0a4d681d9ab4e94eea2239ba7e879f18dae736
dbus-x11-1.1.2-12.el5_4.1.ppc.rpm	SHA-256: 3d765e21da0166863bcf94066065e70c3a0275b675dd3030a4ab35fdf301ea40

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4

SRPM
ppc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
dbus-1.1.2-12.el5_4.1.src.rpm	SHA-256: b773890477f54322bc74d902b700af8939b8136c3a096297384825c5eb35654a
x86_64
dbus-1.1.2-12.el5_4.1.i386.rpm	SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: fa9274f45bee8686556bbb46d7528bb1d1dbfc74658a10d011a0619392206d73
dbus-devel-1.1.2-12.el5_4.1.i386.rpm	SHA-256: f538976a60369a70486f78eb63e33d7d5a982d3afabcdda80d5ae95debd556d4
dbus-devel-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: 46d46521c27dc8f6e74dc64c81bb63b148f98d934c10f7baf3a831cf7eff5976
dbus-libs-1.1.2-12.el5_4.1.i386.rpm	SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: f3ce3cdc5009d9591cbb6a2723a852dcecfbd5cb39b9f8ca1704296224070bbf
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm	SHA-256: 8a2549a898f18e91233c5cf19c41d371dd81a93c9e09042e9d23906b780c07f2
i386
dbus-1.1.2-12.el5_4.1.i386.rpm	SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-devel-1.1.2-12.el5_4.1.i386.rpm	SHA-256: f538976a60369a70486f78eb63e33d7d5a982d3afabcdda80d5ae95debd556d4
dbus-libs-1.1.2-12.el5_4.1.i386.rpm	SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-x11-1.1.2-12.el5_4.1.i386.rpm	SHA-256: d4ad8e7d3d3eae840522b1766af3a7da3d0e09a38b3a98eb07c17ee7332a584d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories