Issued:
2010-01-07
Updated:
2010-01-07

RHSA-2010:0018 - Security Advisory

Synopsis

Moderate: dbus security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated dbus packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.

It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did
not correctly fix the denial of service flaw in the system for sending
messages between applications. A local user could use this flaw to send a
message with a malformed signature to the bus, causing the bus (and,
consequently, any process using libdbus to receive messages) to abort.
(CVE-2009-1189)

Note: Users running any application providing services over the system
message bus are advised to test this update carefully before deploying it
in production environments.

All users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. For the update to take effect, all
running instances of dbus-daemon and all running applications using the
libdbus library must be restarted, or the system rebooted.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 496672 - CVE-2009-1189 dbus: invalid fix for CVE-2008-3834

Red Hat Enterprise Linux Server 5

SRPM
dbus-1.1.2-12.el5_4.1.src.rpm SHA-256: b773890477f54322bc74d902b700af8939b8136c3a096297384825c5eb35654a
x86_64
dbus-1.1.2-12.el5_4.1.i386.rpm SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: fa9274f45bee8686556bbb46d7528bb1d1dbfc74658a10d011a0619392206d73
dbus-devel-1.1.2-12.el5_4.1.i386.rpm SHA-256: f538976a60369a70486f78eb63e33d7d5a982d3afabcdda80d5ae95debd556d4
dbus-devel-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: 46d46521c27dc8f6e74dc64c81bb63b148f98d934c10f7baf3a831cf7eff5976
dbus-libs-1.1.2-12.el5_4.1.i386.rpm SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: f3ce3cdc5009d9591cbb6a2723a852dcecfbd5cb39b9f8ca1704296224070bbf
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: 8a2549a898f18e91233c5cf19c41d371dd81a93c9e09042e9d23906b780c07f2
ia64
dbus-1.1.2-12.el5_4.1.ia64.rpm SHA-256: f8dde37e28c9f19c13f1ab75c0f4dea7ec7ec8ee68aa20f5b0c1445a3b0a13c7
dbus-devel-1.1.2-12.el5_4.1.ia64.rpm SHA-256: 155832b819cf5ad9551405e61ed3695124d72b0784fab898d7a4873af00c29a1
dbus-libs-1.1.2-12.el5_4.1.ia64.rpm SHA-256: 79f1d2cb064e29f3db238ada2c449766b28c296823aaf1ada91db03c9930405d
dbus-x11-1.1.2-12.el5_4.1.ia64.rpm SHA-256: a419aa0e1a38f27e4ca40b86ff6003d0e1b9a7b01f237e4c1fda1f4270077b72
i386
dbus-1.1.2-12.el5_4.1.i386.rpm SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-devel-1.1.2-12.el5_4.1.i386.rpm SHA-256: f538976a60369a70486f78eb63e33d7d5a982d3afabcdda80d5ae95debd556d4
dbus-libs-1.1.2-12.el5_4.1.i386.rpm SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-x11-1.1.2-12.el5_4.1.i386.rpm SHA-256: d4ad8e7d3d3eae840522b1766af3a7da3d0e09a38b3a98eb07c17ee7332a584d

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
dbus-1.1.2-12.el5_4.1.src.rpm SHA-256: b773890477f54322bc74d902b700af8939b8136c3a096297384825c5eb35654a
x86_64
dbus-1.1.2-12.el5_4.1.i386.rpm SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: fa9274f45bee8686556bbb46d7528bb1d1dbfc74658a10d011a0619392206d73
dbus-devel-1.1.2-12.el5_4.1.i386.rpm SHA-256: f538976a60369a70486f78eb63e33d7d5a982d3afabcdda80d5ae95debd556d4
dbus-devel-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: 46d46521c27dc8f6e74dc64c81bb63b148f98d934c10f7baf3a831cf7eff5976
dbus-libs-1.1.2-12.el5_4.1.i386.rpm SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: f3ce3cdc5009d9591cbb6a2723a852dcecfbd5cb39b9f8ca1704296224070bbf
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: 8a2549a898f18e91233c5cf19c41d371dd81a93c9e09042e9d23906b780c07f2
i386
dbus-1.1.2-12.el5_4.1.i386.rpm SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-devel-1.1.2-12.el5_4.1.i386.rpm SHA-256: f538976a60369a70486f78eb63e33d7d5a982d3afabcdda80d5ae95debd556d4
dbus-libs-1.1.2-12.el5_4.1.i386.rpm SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-x11-1.1.2-12.el5_4.1.i386.rpm SHA-256: d4ad8e7d3d3eae840522b1766af3a7da3d0e09a38b3a98eb07c17ee7332a584d

Red Hat Enterprise Linux Desktop 5

SRPM
dbus-1.1.2-12.el5_4.1.src.rpm SHA-256: b773890477f54322bc74d902b700af8939b8136c3a096297384825c5eb35654a
x86_64
dbus-1.1.2-12.el5_4.1.i386.rpm SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: fa9274f45bee8686556bbb46d7528bb1d1dbfc74658a10d011a0619392206d73
dbus-libs-1.1.2-12.el5_4.1.i386.rpm SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: f3ce3cdc5009d9591cbb6a2723a852dcecfbd5cb39b9f8ca1704296224070bbf
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: 8a2549a898f18e91233c5cf19c41d371dd81a93c9e09042e9d23906b780c07f2
i386
dbus-1.1.2-12.el5_4.1.i386.rpm SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-libs-1.1.2-12.el5_4.1.i386.rpm SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-x11-1.1.2-12.el5_4.1.i386.rpm SHA-256: d4ad8e7d3d3eae840522b1766af3a7da3d0e09a38b3a98eb07c17ee7332a584d

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
dbus-1.1.2-12.el5_4.1.src.rpm SHA-256: b773890477f54322bc74d902b700af8939b8136c3a096297384825c5eb35654a
s390x
dbus-1.1.2-12.el5_4.1.s390.rpm SHA-256: a65552eca37e0c7ad81bb9f1fd369a3e363a2307563968d3651eaf6a755cac81
dbus-1.1.2-12.el5_4.1.s390x.rpm SHA-256: 142c020d9b652f77c3995b3e404d5d0d718f2552ba415c59bebe957c0f6a386a
dbus-devel-1.1.2-12.el5_4.1.s390.rpm SHA-256: 654336eae41ba8cb9cd5e81c938d12ad75602779448ea9bfa552c86ff1806c1e
dbus-devel-1.1.2-12.el5_4.1.s390x.rpm SHA-256: 85b5c9783db9a79e715d0dd124ec130a567c37d13e21a536d6ef52ce2aee7ce1
dbus-libs-1.1.2-12.el5_4.1.s390.rpm SHA-256: feb8d6b2b5854f6a09d574831314b944f4adf81e11d5e2bc46c75048f67aac7c
dbus-libs-1.1.2-12.el5_4.1.s390x.rpm SHA-256: e3ccdedcc8ab5bce4b95773a492d50eeeb2cdb2606637635f638d0bd5189626d
dbus-x11-1.1.2-12.el5_4.1.s390x.rpm SHA-256: f7776e91fbbe6481b2d0f44fd6f98b44f8db339c31d792c275dca7e2992e26f1

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
dbus-1.1.2-12.el5_4.1.src.rpm SHA-256: b773890477f54322bc74d902b700af8939b8136c3a096297384825c5eb35654a
ppc
dbus-1.1.2-12.el5_4.1.ppc.rpm SHA-256: 7f93e90d6d03ac01d6d571e1842d976dff98015c96b87d3aeeb2a160138cab18
dbus-1.1.2-12.el5_4.1.ppc64.rpm SHA-256: f7f3d8ffd7740a8b668bcec51faa7255cbc8b9b2cb7d790b1debcc0c08388e6e
dbus-devel-1.1.2-12.el5_4.1.ppc.rpm SHA-256: 69af324e0dbc42c0dbeda99c45b955eedc5adfd7cbc4fd2dcbc8276f1986ea03
dbus-devel-1.1.2-12.el5_4.1.ppc64.rpm SHA-256: a924dee09e73aed13bf55a7d18ec2f4993273e2716f2454c73c8e26ef60ae315
dbus-libs-1.1.2-12.el5_4.1.ppc.rpm SHA-256: 85e84bfd4933f7173696280c5098e037cd1169192f39714062de75a18278ba25
dbus-libs-1.1.2-12.el5_4.1.ppc64.rpm SHA-256: 79299628385cee9c647391e2cd0a4d681d9ab4e94eea2239ba7e879f18dae736
dbus-x11-1.1.2-12.el5_4.1.ppc.rpm SHA-256: 3d765e21da0166863bcf94066065e70c3a0275b675dd3030a4ab35fdf301ea40

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4

SRPM
ppc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
dbus-1.1.2-12.el5_4.1.src.rpm SHA-256: b773890477f54322bc74d902b700af8939b8136c3a096297384825c5eb35654a
x86_64
dbus-1.1.2-12.el5_4.1.i386.rpm SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: fa9274f45bee8686556bbb46d7528bb1d1dbfc74658a10d011a0619392206d73
dbus-devel-1.1.2-12.el5_4.1.i386.rpm SHA-256: f538976a60369a70486f78eb63e33d7d5a982d3afabcdda80d5ae95debd556d4
dbus-devel-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: 46d46521c27dc8f6e74dc64c81bb63b148f98d934c10f7baf3a831cf7eff5976
dbus-libs-1.1.2-12.el5_4.1.i386.rpm SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: f3ce3cdc5009d9591cbb6a2723a852dcecfbd5cb39b9f8ca1704296224070bbf
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm SHA-256: 8a2549a898f18e91233c5cf19c41d371dd81a93c9e09042e9d23906b780c07f2
i386
dbus-1.1.2-12.el5_4.1.i386.rpm SHA-256: e77bdcbda5d82d354cc8ef1ab34157c4ad9df0b03597eda7e4e26523f7e7dcaa
dbus-devel-1.1.2-12.el5_4.1.i386.rpm SHA-256: f538976a60369a70486f78eb63e33d7d5a982d3afabcdda80d5ae95debd556d4
dbus-libs-1.1.2-12.el5_4.1.i386.rpm SHA-256: 72904d1e31eb548b9d5f08657b7ecf4e4f403dd387fb75b42419553265cb2255
dbus-x11-1.1.2-12.el5_4.1.i386.rpm SHA-256: d4ad8e7d3d3eae840522b1766af3a7da3d0e09a38b3a98eb07c17ee7332a584d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.