To: [email protected]Subject: [ MDVSA-2008:213 ] dbus
Date: Wed, 15 Oct 2008 14:40:00 -0600
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1KqDA0-0000AG-CO@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:213
http://www.mandriva.com/security/
_______________________________________________________________________
Package : dbus
Date : October 15, 2008
Affected: 2008.0, 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
The D-Bus library did not correctly validate certain corrupted
signatures which could cause a crash of applications linked against
the D-Bus library if a local user were to send a specially crafted
D-Bus request (CVE-2008-3834).
The updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3834
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
53ddac46fc15f92a05beb6bf4b79e8f1 2008.0/i586/dbus-1.0.2-10.3mdv2008.0.i586.rpm
abfcbe2261e69ce5df6c9fbbb82fbab9 2008.0/i586/dbus-x11-1.0.2-10.3mdv2008.0.i586.rpm
e04213f6dac50b0c287006ff57c1f996 2008.0/i586/libdbus-1_3-1.0.2-10.3mdv2008.0.i586.rpm
175dfa98c5a745bfd1600ae0f7762c5c 2008.0/i586/libdbus-1_3-devel-1.0.2-10.3mdv2008.0.i586.rpm
a6cb2643f7bc8dbdb07a543409bed40b 2008.0/SRPMS/dbus-1.0.2-10.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
b46a4d074a675a25ac84f6732e6c8871 2008.0/x86_64/dbus-1.0.2-10.3mdv2008.0.x86_64.rpm
226392774b33b7d1d3ba7335e28afb18 2008.0/x86_64/dbus-x11-1.0.2-10.3mdv2008.0.x86_64.rpm
8a7f98b123c9c9e88fe5fb4b2309adc8 2008.0/x86_64/lib64dbus-1_3-1.0.2-10.3mdv2008.0.x86_64.rpm
8226572ecedf628042d43ea4b21d1ab0 2008.0/x86_64/lib64dbus-1_3-devel-1.0.2-10.3mdv2008.0.x86_64.rpm
a6cb2643f7bc8dbdb07a543409bed40b 2008.0/SRPMS/dbus-1.0.2-10.3mdv2008.0.src.rpm
Mandriva Linux 2008.1:
f44638434665041b0c082f3d2621e0ff 2008.1/i586/dbus-1.1.20-5.1mdv2008.1.i586.rpm
75e7d341786089e9410d80af6c50e90a 2008.1/i586/dbus-x11-1.1.20-5.1mdv2008.1.i586.rpm
f148fb013796617ad2426756d5914dd0 2008.1/i586/libdbus-1_3-1.1.20-5.1mdv2008.1.i586.rpm
1c30ba194643108bae7fe38228157691 2008.1/i586/libdbus-1-devel-1.1.20-5.1mdv2008.1.i586.rpm
a74cf7a5ae6427e0b3a7e387540e6d55 2008.1/SRPMS/dbus-1.1.20-5.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
91b111e4298984d5cfe51706b64d07dd 2008.1/x86_64/dbus-1.1.20-5.1mdv2008.1.x86_64.rpm
b1627308cb9dfcf93b2eb8e59d8b1c79 2008.1/x86_64/dbus-x11-1.1.20-5.1mdv2008.1.x86_64.rpm
b41e2ebdb48617ee523bc6a5a47aa567 2008.1/x86_64/lib64dbus-1_3-1.1.20-5.1mdv2008.1.x86_64.rpm
35f9609ccd79ad79c4f0ec60559948a1 2008.1/x86_64/lib64dbus-1-devel-1.1.20-5.1mdv2008.1.x86_64.rpm
a74cf7a5ae6427e0b3a7e387540e6d55 2008.1/SRPMS/dbus-1.1.20-5.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
9b5d7c9beac341543c08bfb60622b1d2 2009.0/i586/dbus-1.2.3-2.1mdv2009.0.i586.rpm
a06cbb82b1029a3c4ba2b0b5cdeb5348 2009.0/i586/dbus-x11-1.2.3-2.1mdv2009.0.i586.rpm
792d37202f7782bf25c7a806bdd3e6ff 2009.0/i586/libdbus-1_3-1.2.3-2.1mdv2009.0.i586.rpm
b122d9c75a13ce7d03cf705e3e6e1011 2009.0/i586/libdbus-1-devel-1.2.3-2.1mdv2009.0.i586.rpm
789c0a12c1e14968b364c296b1a81278 2009.0/SRPMS/dbus-1.2.3-2.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
f6f343d89dbc2ee0c5d44f8ee0d91648 2009.0/x86_64/dbus-1.2.3-2.1mdv2009.0.x86_64.rpm
3dc65757a0631ef1593150b56cda2176 2009.0/x86_64/dbus-x11-1.2.3-2.1mdv2009.0.x86_64.rpm
f1b2f70268553ebbdad7459b1e9957be 2009.0/x86_64/lib64dbus-1_3-1.2.3-2.1mdv2009.0.x86_64.rpm
421d70189a8fd14d79f02c01138ae586 2009.0/x86_64/lib64dbus-1-devel-1.2.3-2.1mdv2009.0.x86_64.rpm
789c0a12c1e14968b364c296b1a81278 2009.0/SRPMS/dbus-1.2.3-2.1mdv2009.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFI9iibmqjQ0CJFipgRAsjUAJsGSDl/T5JqJg0soVrNTCjjA/OjAACgtwvD
E/GjNt9M7Qq1awFdoQeOpU4=
=lJFx
-----END PGP SIGNATURE-----