Issued:: 2019-09-23
Updated:: 2019-09-23

RHSA-2019:2868 - Security Advisory

Overview
Updated Packages

Synopsis

Important: dbus security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for dbus is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):

dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.

Affected Products

Red Hat Enterprise Linux Server - AUS 6.6 x86_64

Fixes

BZ - 1719344 - CVE-2019-12749 dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass

CVEs

CVE-2019-12749

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 6.6

SRPM
dbus-1.2.24-9.el6_6.src.rpm	SHA-256: 263dc1724433ad14b2e548d5bd5d1daab75ec031bcfe3ce1b5f798b52152d4c1
x86_64
dbus-1.2.24-9.el6_6.x86_64.rpm	SHA-256: 93d2491afbb89945b0ce1938e6aca390b66f077ba0a6ee43e7638ee4e289ad3d
dbus-debuginfo-1.2.24-9.el6_6.i686.rpm	SHA-256: 57fa963e681f59fcc5eedda843043af1e5f95662f34029c843b93fefd7f58d85
dbus-debuginfo-1.2.24-9.el6_6.x86_64.rpm	SHA-256: 54205ff96d4302b5bf80c6a5b49025c611077679cf414ef582667d9f7d5c7d2b
dbus-devel-1.2.24-9.el6_6.i686.rpm	SHA-256: 479831d773194afa0e35add33d77d95a67244d8b039555c522e98c0b14eb73e7
dbus-devel-1.2.24-9.el6_6.x86_64.rpm	SHA-256: f0096319ac5ff097447a23304732405f1616c9dace401d407f55c02ebc395339
dbus-doc-1.2.24-9.el6_6.noarch.rpm	SHA-256: 72725c13451b189405dfb154d91a49c9e552c97a9421c078c69aac4756dd80ee
dbus-libs-1.2.24-9.el6_6.i686.rpm	SHA-256: 1d89d3f7d8784c9a3051eb0bff4910031f389bf5fb1effdc5b770dab9b2e1ba2
dbus-libs-1.2.24-9.el6_6.x86_64.rpm	SHA-256: 03131049629a4824b14b7b5261d807bf94e2916760e022ace7efd927eb98da6b
dbus-x11-1.2.24-9.el6_6.x86_64.rpm	SHA-256: 47a498073b0862e57d0d6e2d059faf28c9659cfb4f4fb6676995c498abcafb66

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation