[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050627161452.GA6029@piware.de>
Date: Mon Jun 27 17:15:02 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-144-1] dbus vulnerability
===========================================================
Ubuntu Security Notice USN-144-1 June 27, 2005
dbus vulnerability
CAN-2005-0201
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
dbus-1
The problem can be corrected by upgrading the affected package to
version 0.22-1ubuntu2.1. You have to restart your Gnome session (i.e.
log out and back in) after doing a standard system upgrade to effect
the necessary changes.
Details follow:
Besides providing the global system-wide communication bus, dbus also
offers per-user "session" buses which applications in an user's
session can create and use to communicate with each other. Daniel
Reed discovered that the default configuration of the session dbus
allowed a local user to connect to another user's session bus if its
address was known. The fixed packages restrict the default permissions
to the user who owns the session dbus instance.
Please note that a standard Ubuntu installation does not use the
session bus for anything, so this can only be exploited if you are
using custom software which uses it.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_0.22-1ubuntu2.1.diff.gz
Size/MD5: 15995 6f8b07a03ee133e67607985210dcaa21
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_0.22-1ubuntu2.1.dsc
Size/MD5: 909 d47c88f0d2cc14da7bab054bb2923ea6
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_0.22.orig.tar.gz
Size/MD5: 1248780 6b1c2476ea8b82dd9fb7f29ef857cb9f
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-doc_0.22-1ubuntu2.1_all.deb
Size/MD5: 817462 2942d675de295f743ebdceff28edc3eb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-dev_0.22-1ubuntu2.1_amd64.deb
Size/MD5: 233840 ddfcaa03766658123d982a891a5ae5fe
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-utils_0.22-1ubuntu2.1_amd64.deb
Size/MD5: 100612 d8defb47c253b5475ea40d005782c040
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1_0.22-1ubuntu2.1_amd64.deb
Size/MD5: 332330 a821776783887a74227da54fb2c8cfc0
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1-dev_0.22-1ubuntu2.1_amd64.deb
Size/MD5: 105656 817e67b68bad8cc21dbdd6d824aa8dd2
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1_0.22-1ubuntu2.1_amd64.deb
Size/MD5: 103222 19d76a1c5b2dfdcd993d4d8b1004a84f
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/python2.3-dbus_0.22-1ubuntu2.1_amd64.deb
Size/MD5: 142524 5f2bc9aaa7aaa062ea4c66a45dab389a
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-dev_0.22-1ubuntu2.1_i386.deb
Size/MD5: 207320 f9f955179ef745de5587cdb4a22e0d8c
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-utils_0.22-1ubuntu2.1_i386.deb
Size/MD5: 99146 e409ea2bf9ed72101b59e8a1616a9c5b
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1_0.22-1ubuntu2.1_i386.deb
Size/MD5: 297298 10b6a50dc30819935b24ca337c85c31a
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1-dev_0.22-1ubuntu2.1_i386.deb
Size/MD5: 101542 565fe12a77c4cea1ade70977d3672a62
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1_0.22-1ubuntu2.1_i386.deb
Size/MD5: 100526 8bab20aafd035e1ed7c940225bda277c
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/python2.3-dbus_0.22-1ubuntu2.1_i386.deb
Size/MD5: 130754 e8676c7a4157e15a236fdaa38e080691
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-dev_0.22-1ubuntu2.1_powerpc.deb
Size/MD5: 235306 83ae5fee85566f19262a4548575c0ec1
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-utils_0.22-1ubuntu2.1_powerpc.deb
Size/MD5: 100766 2a138c9f8fa460abc9c34cb9d21d2070
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1_0.22-1ubuntu2.1_powerpc.deb
Size/MD5: 312850 27ea75fa2dd9a40a1dc84724def7c4e4
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1-dev_0.22-1ubuntu2.1_powerpc.deb
Size/MD5: 107106 4b176bc6c2a42bdb0e05b2e28b40d49d
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1_0.22-1ubuntu2.1_powerpc.deb
Size/MD5: 100502 e0316f200a0ab7829d0c5478b288e9cb
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/python2.3-dbus_0.22-1ubuntu2.1_powerpc.deb
Size/MD5: 143508 3d2a2015e906ebdd217cba8791002edc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050627/73018461/attachment.bin
Powered by blists - more mailing lists