Issued:: 2019-09-23
Updated:: 2019-09-23

RHSA-2019:2870 - Security Advisory

Overview
Updated Packages

Synopsis

Important: dbus security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for dbus is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):

dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.

Affected Products

Red Hat Enterprise Linux Server - AUS 6.5 x86_64

Fixes

BZ - 1719344 - CVE-2019-12749 dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass

CVEs

CVE-2019-12749

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 6.5

SRPM
dbus-1.2.24-9.el6_5.src.rpm	SHA-256: 3394cdc0f2c8674dee769ed52b7919b529204e5a510a94a4632016d1aca81ac8
x86_64
dbus-1.2.24-9.el6_5.x86_64.rpm	SHA-256: 29eff14caaee89c85d0d682fed8c183ef676d67b25c75b4bc9c7a842492076b3
dbus-debuginfo-1.2.24-9.el6_5.i686.rpm	SHA-256: 64c139d3d9eeea58b30d2e0bbedc568c5449013d6e978b9b99293feed8a7fc4c
dbus-debuginfo-1.2.24-9.el6_5.x86_64.rpm	SHA-256: fc1852decc4822b2a870eed00bebd97e0d92a904452cb10d6b90cf8c98199682
dbus-devel-1.2.24-9.el6_5.i686.rpm	SHA-256: a25852ec6ff38131dd74b7ce544255cb3d0ad8490790da60f544018fabec1698
dbus-devel-1.2.24-9.el6_5.x86_64.rpm	SHA-256: bf18fefae1293172f4e0c696ab2814337a81789586a6eb9dc65a5430d307dc1e
dbus-doc-1.2.24-9.el6_5.noarch.rpm	SHA-256: 282660d2410a26c57a5cdf915bb7f3f8441d2fe82ce0fc8d68d55270f79b9741
dbus-libs-1.2.24-9.el6_5.i686.rpm	SHA-256: 81278820510a6b6c232bf363d8d9ab17ccfa762967fc9ebc60f3ad9d767c65ba
dbus-libs-1.2.24-9.el6_5.x86_64.rpm	SHA-256: 9a0b50d09c0d12076f15daea510aaad5d4a74636aaca3df3ab10fcb800a1a75c
dbus-x11-1.2.24-9.el6_5.x86_64.rpm	SHA-256: e6e5e8f89575ec253459d15cf5dc8c49dfa7fc228c6f18fc534c87a96fcafa12

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation