[ MDVSA-2008:213 ] dbus

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ MDVSA-2008:213 ] dbus
From: security@xxxxxxxxxxxx
Date: Wed, 15 Oct 2008 14:40:00 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: <xsecurity@xxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:213
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : dbus
 Date    : October 15, 2008
 Affected: 2008.0, 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 The D-Bus library did not correctly validate certain corrupted
 signatures which could cause a crash of applications linked against
 the D-Bus library if a local user were to send a specially crafted
 D-Bus request (CVE-2008-3834).
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3834
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 53ddac46fc15f92a05beb6bf4b79e8f1  2008.0/i586/dbus-1.0.2-10.3mdv2008.0.i586.rpm
 abfcbe2261e69ce5df6c9fbbb82fbab9  
2008.0/i586/dbus-x11-1.0.2-10.3mdv2008.0.i586.rpm
 e04213f6dac50b0c287006ff57c1f996  
2008.0/i586/libdbus-1_3-1.0.2-10.3mdv2008.0.i586.rpm
 175dfa98c5a745bfd1600ae0f7762c5c  
2008.0/i586/libdbus-1_3-devel-1.0.2-10.3mdv2008.0.i586.rpm 
 a6cb2643f7bc8dbdb07a543409bed40b  2008.0/SRPMS/dbus-1.0.2-10.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 b46a4d074a675a25ac84f6732e6c8871  
2008.0/x86_64/dbus-1.0.2-10.3mdv2008.0.x86_64.rpm
 226392774b33b7d1d3ba7335e28afb18  
2008.0/x86_64/dbus-x11-1.0.2-10.3mdv2008.0.x86_64.rpm
 8a7f98b123c9c9e88fe5fb4b2309adc8  
2008.0/x86_64/lib64dbus-1_3-1.0.2-10.3mdv2008.0.x86_64.rpm
 8226572ecedf628042d43ea4b21d1ab0  
2008.0/x86_64/lib64dbus-1_3-devel-1.0.2-10.3mdv2008.0.x86_64.rpm 
 a6cb2643f7bc8dbdb07a543409bed40b  2008.0/SRPMS/dbus-1.0.2-10.3mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 f44638434665041b0c082f3d2621e0ff  2008.1/i586/dbus-1.1.20-5.1mdv2008.1.i586.rpm
 75e7d341786089e9410d80af6c50e90a  
2008.1/i586/dbus-x11-1.1.20-5.1mdv2008.1.i586.rpm
 f148fb013796617ad2426756d5914dd0  
2008.1/i586/libdbus-1_3-1.1.20-5.1mdv2008.1.i586.rpm
 1c30ba194643108bae7fe38228157691  
2008.1/i586/libdbus-1-devel-1.1.20-5.1mdv2008.1.i586.rpm 
 a74cf7a5ae6427e0b3a7e387540e6d55  2008.1/SRPMS/dbus-1.1.20-5.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 91b111e4298984d5cfe51706b64d07dd  
2008.1/x86_64/dbus-1.1.20-5.1mdv2008.1.x86_64.rpm
 b1627308cb9dfcf93b2eb8e59d8b1c79  
2008.1/x86_64/dbus-x11-1.1.20-5.1mdv2008.1.x86_64.rpm
 b41e2ebdb48617ee523bc6a5a47aa567  
2008.1/x86_64/lib64dbus-1_3-1.1.20-5.1mdv2008.1.x86_64.rpm
 35f9609ccd79ad79c4f0ec60559948a1  
2008.1/x86_64/lib64dbus-1-devel-1.1.20-5.1mdv2008.1.x86_64.rpm 
 a74cf7a5ae6427e0b3a7e387540e6d55  2008.1/SRPMS/dbus-1.1.20-5.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 9b5d7c9beac341543c08bfb60622b1d2  2009.0/i586/dbus-1.2.3-2.1mdv2009.0.i586.rpm
 a06cbb82b1029a3c4ba2b0b5cdeb5348  
2009.0/i586/dbus-x11-1.2.3-2.1mdv2009.0.i586.rpm
 792d37202f7782bf25c7a806bdd3e6ff  
2009.0/i586/libdbus-1_3-1.2.3-2.1mdv2009.0.i586.rpm
 b122d9c75a13ce7d03cf705e3e6e1011  
2009.0/i586/libdbus-1-devel-1.2.3-2.1mdv2009.0.i586.rpm 
 789c0a12c1e14968b364c296b1a81278  2009.0/SRPMS/dbus-1.2.3-2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 f6f343d89dbc2ee0c5d44f8ee0d91648  
2009.0/x86_64/dbus-1.2.3-2.1mdv2009.0.x86_64.rpm
 3dc65757a0631ef1593150b56cda2176  
2009.0/x86_64/dbus-x11-1.2.3-2.1mdv2009.0.x86_64.rpm
 f1b2f70268553ebbdad7459b1e9957be  
2009.0/x86_64/lib64dbus-1_3-1.2.3-2.1mdv2009.0.x86_64.rpm
 421d70189a8fd14d79f02c01138ae586  
2009.0/x86_64/lib64dbus-1-devel-1.2.3-2.1mdv2009.0.x86_64.rpm 
 789c0a12c1e14968b364c296b1a81278  2009.0/SRPMS/dbus-1.2.3-2.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI9iibmqjQ0CJFipgRAsjUAJsGSDl/T5JqJg0soVrNTCjjA/OjAACgtwvD
E/GjNt9M7Qq1awFdoQeOpU4=
=lJFx
-----END PGP SIGNATURE-----

Prev by Date: [USN-656-1] CUPS vulnerabilities
Next by Date: SEC Consult SA-20081016-0 :: Remote command execution in Instant Expert Analysis
Previous by thread: [USN-656-1] CUPS vulnerabilities
Next by thread: SEC Consult SA-20081016-0 :: Remote command execution in Instant Expert Analysis
Index(es):
- Date
- Thread