[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20090718085627.667CBA98008@hannah.localdomain>
Date: Sat, 18 Jul 2009 18:56:27 +1000 (EST)
From: white@...ian.org (Steffen Joeris)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1837-1] New dbus packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1837-1 security@...ian.org
http://www.debian.org/security/ Steffen Joeris
July 18, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : dbus
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id : CVE-2009-1189
Debian Bug : 532720
It was discovered that the dbus_signature_validate function in
dbus, a simple interprocess messaging system, is prone to a denial of
service attack. This issue was caused by an incorrect fix for
DSA-1658-1.
For the stable distribution (lenny), this problem has been fixed in
version 1.2.1-5+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 1.0.2-1+etch3.
Packages for ia64 and s390 will be released once they are available.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1.2.14-1.
We recommend that you upgrade your dbus packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.diff.gz
Size/MD5 checksum: 20482 fd114e50577aade0211a25bc05ac064d
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz
Size/MD5 checksum: 1400278 0552a9b54beb4a044951b7cdbc8fc855
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.dsc
Size/MD5 checksum: 824 0befb91739de13f92197336b6a3f3f06
Architecture independent packages:
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch3_all.deb
Size/MD5 checksum: 1622204 67e2242179a8af1f3a7363d0d9728702
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_alpha.deb
Size/MD5 checksum: 289142 2da5aaed2ca0e1dfe4627f2d51923a1a
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_alpha.deb
Size/MD5 checksum: 184834 a14af28f5651f06cd41f4aa8b264d486
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_alpha.deb
Size/MD5 checksum: 378214 95128d7c15be44464dd1a785788fdc3d
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_alpha.deb
Size/MD5 checksum: 403766 5facc50da806d2f82a1ca839e045035d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_amd64.deb
Size/MD5 checksum: 279294 6b0085ce0a01a81a13b068759de269b8
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_amd64.deb
Size/MD5 checksum: 348654 4d1f1c1d5c074be51b777b93b332eaf7
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_amd64.deb
Size/MD5 checksum: 363928 54ed19ba7cbd0dd3475827c6e6df5acf
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_amd64.deb
Size/MD5 checksum: 184200 e5bc33b1e7dbfea9c372a3056e3f1848
arm architecture (ARM)
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_arm.deb
Size/MD5 checksum: 343960 e7c6c2269903d8dbd4422103a9e1edaf
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_arm.deb
Size/MD5 checksum: 265322 4e7ce3fca8c685e540092e70474e6fbd
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_arm.deb
Size/MD5 checksum: 330958 cee5e85136606605bd290035d9452f90
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_arm.deb
Size/MD5 checksum: 183240 d7e3c477f4f4fbbc49c04b035e92ff2a
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_hppa.deb
Size/MD5 checksum: 374136 7d297f74e9fde26e726f06f321208dae
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_hppa.deb
Size/MD5 checksum: 286074 0a55d6aa6400d4d5750ebd92e9de7aab
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_hppa.deb
Size/MD5 checksum: 362166 013680aca7b38c66292a8727855bfc06
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_hppa.deb
Size/MD5 checksum: 184934 061417fe2e791b5bc7abf62398b3a8a8
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_i386.deb
Size/MD5 checksum: 335758 605f4f911d8445b74cbd46ede0fcfb89
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_i386.deb
Size/MD5 checksum: 268688 c64ca51e9e04d1e961a8db7132ba4e08
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_i386.deb
Size/MD5 checksum: 184134 58672102a58bca326f4ba09c5bf3666a
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_i386.deb
Size/MD5 checksum: 348012 ae8f836c9e5b631eb421f3b86dc78f49
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mips.deb
Size/MD5 checksum: 370052 f8ea51037f985d6b8f2a288b9a813ccd
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mips.deb
Size/MD5 checksum: 359844 b0b0956206921cff260c531aa9286f21
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mips.deb
Size/MD5 checksum: 184240 4dd808980afe395d6909549614fab214
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mips.deb
Size/MD5 checksum: 272764 7ceea85232267e0a80f4fd5cb38ddf09
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mipsel.deb
Size/MD5 checksum: 369664 07d0e90fc376acf855563baec0293856
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mipsel.deb
Size/MD5 checksum: 184260 f81b2223f912a359a4fd7bc1f61ba7e4
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mipsel.deb
Size/MD5 checksum: 358830 947820464929873955f7f6a427403838
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mipsel.deb
Size/MD5 checksum: 272442 3d19769e8260b3d434e6dd577d72c5c0
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_powerpc.deb
Size/MD5 checksum: 184222 c06ffd6735f13d9f6c9301a0dd487efd
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_powerpc.deb
Size/MD5 checksum: 335910 9fe78e085108bbacb7f04566247aa51e
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_powerpc.deb
Size/MD5 checksum: 271718 021c33a25a85bcdc394fc0c5af784256
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_powerpc.deb
Size/MD5 checksum: 353656 9e40213397ea8306184da6c8e0bcb070
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_sparc.deb
Size/MD5 checksum: 184266 d82e92039c32386a69e0f1b119820ae8
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_sparc.deb
Size/MD5 checksum: 265144 d7f6e34015d0adc757942c6d1dae3c56
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_sparc.deb
Size/MD5 checksum: 341300 3bb2b297ebd12d562b0185b6b58196a8
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_sparc.deb
Size/MD5 checksum: 337130 1b9530365393919e15ffce3a695441ea
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.dsc
Size/MD5 checksum: 1608 e084fe269b41c84cdeaafae2b2633e9f
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1.orig.tar.gz
Size/MD5 checksum: 1406833 b57aa1ba0834cbbb1e7502dc2cbfacc2
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.diff.gz
Size/MD5 checksum: 39470 6b875822ae5036ba8bf83f2fae11fbf0
Architecture independent packages:
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.2.1-5+lenny1_all.deb
Size/MD5 checksum: 1830232 317e72d84e019f0006d84e9579fa4b66
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_alpha.deb
Size/MD5 checksum: 380740 b75e7906989484738737bc2e5e6bf66a
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_alpha.deb
Size/MD5 checksum: 290338 fa8f5deeed2593a790283210375bde43
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_alpha.deb
Size/MD5 checksum: 170160 810c545ad2bf6212fcb745f10f3d39c9
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_alpha.deb
Size/MD5 checksum: 66942 c810abd2e002daefa1f24942367208ce
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_amd64.deb
Size/MD5 checksum: 259300 9086503f08d3a4970c966cb1461b8309
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_amd64.deb
Size/MD5 checksum: 162880 12a802692ae3d1774a5cb2a55fee7abe
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_amd64.deb
Size/MD5 checksum: 64710 62a4fbb57742faed71a853cd7c6d5443
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_amd64.deb
Size/MD5 checksum: 249006 966d8f20171594a83abd09251c277dd1
arm architecture (ARM)
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_arm.deb
Size/MD5 checksum: 63812 f9acaf50dd1440312f9b3eb9e8ce5665
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_arm.deb
Size/MD5 checksum: 223424 20befb04db3b6ae82fb152354be8cf1f
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_arm.deb
Size/MD5 checksum: 238514 0369f89685fa04a26ba050b5ae718368
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_arm.deb
Size/MD5 checksum: 144958 da65511355a4e4484042fd7377e2f520
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_armel.deb
Size/MD5 checksum: 146562 64f4b077e7457a400ad88b8cfd6d9b57
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_armel.deb
Size/MD5 checksum: 239468 89ddd32404daff070f43848aad9369c3
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_armel.deb
Size/MD5 checksum: 63572 b67421a112b6bf92b47246c2ebd4618d
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_armel.deb
Size/MD5 checksum: 228326 096d983dcd56905b8d35a1a109dcd742
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_hppa.deb
Size/MD5 checksum: 263164 2a856048b8c09b075f089ae2551c356f
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_hppa.deb
Size/MD5 checksum: 163954 dd2a4efdbca917a569d6520be368336c
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_hppa.deb
Size/MD5 checksum: 270676 6ada153b9ff39dfd8a75c08a2a186784
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_hppa.deb
Size/MD5 checksum: 64868 5a8bc1e82107effab796c04e6c05592d
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_i386.deb
Size/MD5 checksum: 64064 64e2b9c17836231e7abc0aff34690001
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_i386.deb
Size/MD5 checksum: 235620 ac4307dc10c03340beeb13eefac1f600
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_i386.deb
Size/MD5 checksum: 230180 7ca48ece6eb966598f45394fa6f61ecb
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_i386.deb
Size/MD5 checksum: 148370 a6fef063aace9660fcd7b518a1658299
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_ia64.deb
Size/MD5 checksum: 297824 15211d3862458004a9f10b6968d839e3
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_ia64.deb
Size/MD5 checksum: 68598 e8d496cdde34439f3e8545f51b875a1d
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_ia64.deb
Size/MD5 checksum: 487536 4b94b66cd09d99250b8d78bab7a51cc3
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_ia64.deb
Size/MD5 checksum: 205560 a3943a7fde111a5fad1fb33a0b01471d
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mips.deb
Size/MD5 checksum: 247202 c5b66959665d900dee20b069d205db0a
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mips.deb
Size/MD5 checksum: 257016 ca8b0fc29104a6483f2ce45346d3c2dd
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mips.deb
Size/MD5 checksum: 150832 c89353aaf1ff0acf40379b59c903153c
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mips.deb
Size/MD5 checksum: 64498 8f61fda7a3f7adf0e3069ad4535febf1
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mipsel.deb
Size/MD5 checksum: 256382 7a3757146955ab439ca286aa9fc6dd94
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mipsel.deb
Size/MD5 checksum: 64528 e82065ecb4221b024d0fa0f7716b3a4a
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mipsel.deb
Size/MD5 checksum: 246102 38f40717cb0f202e99067a484ce80848
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mipsel.deb
Size/MD5 checksum: 150130 5658d2cdf77ad75b314f781f9630a8e3
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_powerpc.deb
Size/MD5 checksum: 157156 8ce5392e803ce8b824865362c5e7ceaf
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_powerpc.deb
Size/MD5 checksum: 243468 31c4739ae2908480d9dadf21f243a76d
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_powerpc.deb
Size/MD5 checksum: 252104 af29662c0e472962196a03d9bcac0624
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_powerpc.deb
Size/MD5 checksum: 67286 5d871cb882a468fc0d21981024b7bd5e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_sparc.deb
Size/MD5 checksum: 145182 7493ade5ef50256253977a3c708a87dd
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_sparc.deb
Size/MD5 checksum: 254556 8f8bc903fe5eb131a75cbfd0f282cc21
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_sparc.deb
Size/MD5 checksum: 63946 4e1a64b89ca25775553e7653cf2cb3eb
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_sparc.deb
Size/MD5 checksum: 235150 7e6ab5023ad36c713a0eff40e6f60045
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkphji4ACgkQ62zWxYk/rQeUUQCgoAAlzCip8iT8Da1eYQ7VzKVn
uBgAn0FFJcLPYuriEVVJkrlBhSjKwbE+
=UcAL
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists