lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20090718085627.667CBA98008@hannah.localdomain>
Date: Sat, 18 Jul 2009 18:56:27 +1000 (EST)
From: white@...ian.org (Steffen Joeris)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1837-1] New dbus packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1837-1                  security@...ian.org
http://www.debian.org/security/                      Steffen Joeris
July 18, 2009                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : dbus
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id         : CVE-2009-1189
Debian Bug     : 532720


It was discovered that the dbus_signature_validate function in
dbus, a simple interprocess messaging system, is prone to a denial of
service attack. This issue was caused by an incorrect fix for
DSA-1658-1.

For the stable distribution (lenny), this problem has been fixed in
version 1.2.1-5+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 1.0.2-1+etch3.

Packages for ia64 and s390 will be released once they are available.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1.2.14-1.


We recommend that you upgrade your dbus packages.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.diff.gz
    Size/MD5 checksum:    20482 fd114e50577aade0211a25bc05ac064d
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz
    Size/MD5 checksum:  1400278 0552a9b54beb4a044951b7cdbc8fc855
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.dsc
    Size/MD5 checksum:      824 0befb91739de13f92197336b6a3f3f06

Architecture independent packages:

  http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch3_all.deb
    Size/MD5 checksum:  1622204 67e2242179a8af1f3a7363d0d9728702

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_alpha.deb
    Size/MD5 checksum:   289142 2da5aaed2ca0e1dfe4627f2d51923a1a
  http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_alpha.deb
    Size/MD5 checksum:   184834 a14af28f5651f06cd41f4aa8b264d486
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_alpha.deb
    Size/MD5 checksum:   378214 95128d7c15be44464dd1a785788fdc3d
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_alpha.deb
    Size/MD5 checksum:   403766 5facc50da806d2f82a1ca839e045035d

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_amd64.deb
    Size/MD5 checksum:   279294 6b0085ce0a01a81a13b068759de269b8
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_amd64.deb
    Size/MD5 checksum:   348654 4d1f1c1d5c074be51b777b93b332eaf7
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_amd64.deb
    Size/MD5 checksum:   363928 54ed19ba7cbd0dd3475827c6e6df5acf
  http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_amd64.deb
    Size/MD5 checksum:   184200 e5bc33b1e7dbfea9c372a3056e3f1848

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_arm.deb
    Size/MD5 checksum:   343960 e7c6c2269903d8dbd4422103a9e1edaf
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_arm.deb
    Size/MD5 checksum:   265322 4e7ce3fca8c685e540092e70474e6fbd
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_arm.deb
    Size/MD5 checksum:   330958 cee5e85136606605bd290035d9452f90
  http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_arm.deb
    Size/MD5 checksum:   183240 d7e3c477f4f4fbbc49c04b035e92ff2a

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_hppa.deb
    Size/MD5 checksum:   374136 7d297f74e9fde26e726f06f321208dae
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_hppa.deb
    Size/MD5 checksum:   286074 0a55d6aa6400d4d5750ebd92e9de7aab
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_hppa.deb
    Size/MD5 checksum:   362166 013680aca7b38c66292a8727855bfc06
  http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_hppa.deb
    Size/MD5 checksum:   184934 061417fe2e791b5bc7abf62398b3a8a8

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_i386.deb
    Size/MD5 checksum:   335758 605f4f911d8445b74cbd46ede0fcfb89
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_i386.deb
    Size/MD5 checksum:   268688 c64ca51e9e04d1e961a8db7132ba4e08
  http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_i386.deb
    Size/MD5 checksum:   184134 58672102a58bca326f4ba09c5bf3666a
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_i386.deb
    Size/MD5 checksum:   348012 ae8f836c9e5b631eb421f3b86dc78f49

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mips.deb
    Size/MD5 checksum:   370052 f8ea51037f985d6b8f2a288b9a813ccd
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mips.deb
    Size/MD5 checksum:   359844 b0b0956206921cff260c531aa9286f21
  http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mips.deb
    Size/MD5 checksum:   184240 4dd808980afe395d6909549614fab214
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mips.deb
    Size/MD5 checksum:   272764 7ceea85232267e0a80f4fd5cb38ddf09

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mipsel.deb
    Size/MD5 checksum:   369664 07d0e90fc376acf855563baec0293856
  http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mipsel.deb
    Size/MD5 checksum:   184260 f81b2223f912a359a4fd7bc1f61ba7e4
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mipsel.deb
    Size/MD5 checksum:   358830 947820464929873955f7f6a427403838
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mipsel.deb
    Size/MD5 checksum:   272442 3d19769e8260b3d434e6dd577d72c5c0

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_powerpc.deb
    Size/MD5 checksum:   184222 c06ffd6735f13d9f6c9301a0dd487efd
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_powerpc.deb
    Size/MD5 checksum:   335910 9fe78e085108bbacb7f04566247aa51e
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_powerpc.deb
    Size/MD5 checksum:   271718 021c33a25a85bcdc394fc0c5af784256
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_powerpc.deb
    Size/MD5 checksum:   353656 9e40213397ea8306184da6c8e0bcb070

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_sparc.deb
    Size/MD5 checksum:   184266 d82e92039c32386a69e0f1b119820ae8
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_sparc.deb
    Size/MD5 checksum:   265144 d7f6e34015d0adc757942c6d1dae3c56
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_sparc.deb
    Size/MD5 checksum:   341300 3bb2b297ebd12d562b0185b6b58196a8
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_sparc.deb
    Size/MD5 checksum:   337130 1b9530365393919e15ffce3a695441ea


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.dsc
    Size/MD5 checksum:     1608 e084fe269b41c84cdeaafae2b2633e9f
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1.orig.tar.gz
    Size/MD5 checksum:  1406833 b57aa1ba0834cbbb1e7502dc2cbfacc2
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.diff.gz
    Size/MD5 checksum:    39470 6b875822ae5036ba8bf83f2fae11fbf0

Architecture independent packages:

  http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.2.1-5+lenny1_all.deb
    Size/MD5 checksum:  1830232 317e72d84e019f0006d84e9579fa4b66

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_alpha.deb
    Size/MD5 checksum:   380740 b75e7906989484738737bc2e5e6bf66a
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_alpha.deb
    Size/MD5 checksum:   290338 fa8f5deeed2593a790283210375bde43
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_alpha.deb
    Size/MD5 checksum:   170160 810c545ad2bf6212fcb745f10f3d39c9
  http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_alpha.deb
    Size/MD5 checksum:    66942 c810abd2e002daefa1f24942367208ce

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_amd64.deb
    Size/MD5 checksum:   259300 9086503f08d3a4970c966cb1461b8309
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_amd64.deb
    Size/MD5 checksum:   162880 12a802692ae3d1774a5cb2a55fee7abe
  http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_amd64.deb
    Size/MD5 checksum:    64710 62a4fbb57742faed71a853cd7c6d5443
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_amd64.deb
    Size/MD5 checksum:   249006 966d8f20171594a83abd09251c277dd1

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_arm.deb
    Size/MD5 checksum:    63812 f9acaf50dd1440312f9b3eb9e8ce5665
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_arm.deb
    Size/MD5 checksum:   223424 20befb04db3b6ae82fb152354be8cf1f
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_arm.deb
    Size/MD5 checksum:   238514 0369f89685fa04a26ba050b5ae718368
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_arm.deb
    Size/MD5 checksum:   144958 da65511355a4e4484042fd7377e2f520

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_armel.deb
    Size/MD5 checksum:   146562 64f4b077e7457a400ad88b8cfd6d9b57
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_armel.deb
    Size/MD5 checksum:   239468 89ddd32404daff070f43848aad9369c3
  http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_armel.deb
    Size/MD5 checksum:    63572 b67421a112b6bf92b47246c2ebd4618d
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_armel.deb
    Size/MD5 checksum:   228326 096d983dcd56905b8d35a1a109dcd742

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_hppa.deb
    Size/MD5 checksum:   263164 2a856048b8c09b075f089ae2551c356f
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_hppa.deb
    Size/MD5 checksum:   163954 dd2a4efdbca917a569d6520be368336c
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_hppa.deb
    Size/MD5 checksum:   270676 6ada153b9ff39dfd8a75c08a2a186784
  http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_hppa.deb
    Size/MD5 checksum:    64868 5a8bc1e82107effab796c04e6c05592d

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_i386.deb
    Size/MD5 checksum:    64064 64e2b9c17836231e7abc0aff34690001
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_i386.deb
    Size/MD5 checksum:   235620 ac4307dc10c03340beeb13eefac1f600
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_i386.deb
    Size/MD5 checksum:   230180 7ca48ece6eb966598f45394fa6f61ecb
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_i386.deb
    Size/MD5 checksum:   148370 a6fef063aace9660fcd7b518a1658299

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_ia64.deb
    Size/MD5 checksum:   297824 15211d3862458004a9f10b6968d839e3
  http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_ia64.deb
    Size/MD5 checksum:    68598 e8d496cdde34439f3e8545f51b875a1d
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_ia64.deb
    Size/MD5 checksum:   487536 4b94b66cd09d99250b8d78bab7a51cc3
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_ia64.deb
    Size/MD5 checksum:   205560 a3943a7fde111a5fad1fb33a0b01471d

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mips.deb
    Size/MD5 checksum:   247202 c5b66959665d900dee20b069d205db0a
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mips.deb
    Size/MD5 checksum:   257016 ca8b0fc29104a6483f2ce45346d3c2dd
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mips.deb
    Size/MD5 checksum:   150832 c89353aaf1ff0acf40379b59c903153c
  http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mips.deb
    Size/MD5 checksum:    64498 8f61fda7a3f7adf0e3069ad4535febf1

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mipsel.deb
    Size/MD5 checksum:   256382 7a3757146955ab439ca286aa9fc6dd94
  http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mipsel.deb
    Size/MD5 checksum:    64528 e82065ecb4221b024d0fa0f7716b3a4a
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mipsel.deb
    Size/MD5 checksum:   246102 38f40717cb0f202e99067a484ce80848
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mipsel.deb
    Size/MD5 checksum:   150130 5658d2cdf77ad75b314f781f9630a8e3

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_powerpc.deb
    Size/MD5 checksum:   157156 8ce5392e803ce8b824865362c5e7ceaf
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_powerpc.deb
    Size/MD5 checksum:   243468 31c4739ae2908480d9dadf21f243a76d
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_powerpc.deb
    Size/MD5 checksum:   252104 af29662c0e472962196a03d9bcac0624
  http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_powerpc.deb
    Size/MD5 checksum:    67286 5d871cb882a468fc0d21981024b7bd5e

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_sparc.deb
    Size/MD5 checksum:   145182 7493ade5ef50256253977a3c708a87dd
  http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_sparc.deb
    Size/MD5 checksum:   254556 8f8bc903fe5eb131a75cbfd0f282cc21
  http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_sparc.deb
    Size/MD5 checksum:    63946 4e1a64b89ca25775553e7653cf2cb3eb
  http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_sparc.deb
    Size/MD5 checksum:   235150 7e6ab5023ad36c713a0eff40e6f60045


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkphji4ACgkQ62zWxYk/rQeUUQCgoAAlzCip8iT8Da1eYQ7VzKVn
uBgAn0FFJcLPYuriEVVJkrlBhSjKwbE+
=UcAL
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ