Linux Security
    Linux Security
    Linux Security

    Debian: DSA-1837-1: New dbus packages fix denial of service

    Date 18 Jul 2009
    126
    Posted By LinuxSecurity Advisories
    It was discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. This issue was caused by an incorrect fix for
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1837-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                      Steffen Joeris
    July 18, 2009                         https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : dbus
    Vulnerability  : programming error
    Problem type   : local
    Debian-specific: no
    CVE Id         : CVE-2009-1189
    Debian Bug     : 532720
    
    
    It was discovered that the dbus_signature_validate function in
    dbus, a simple interprocess messaging system, is prone to a denial of
    service attack. This issue was caused by an incorrect fix for
    DSA-1658-1.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 1.2.1-5+lenny1.
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 1.0.2-1+etch3.
    
    Packages for ia64 and s390 will be released once they are available.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 1.2.14-1.
    
    
    We recommend that you upgrade your dbus packages.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (oldstable)
    - ------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.diff.gz
        Size/MD5 checksum:    20482 fd114e50577aade0211a25bc05ac064d
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz
        Size/MD5 checksum:  1400278 0552a9b54beb4a044951b7cdbc8fc855
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.dsc
        Size/MD5 checksum:      824 0befb91739de13f92197336b6a3f3f06
    
    Architecture independent packages:
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch3_all.deb
        Size/MD5 checksum:  1622204 67e2242179a8af1f3a7363d0d9728702
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_alpha.deb
        Size/MD5 checksum:   289142 2da5aaed2ca0e1dfe4627f2d51923a1a
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_alpha.deb
        Size/MD5 checksum:   184834 a14af28f5651f06cd41f4aa8b264d486
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_alpha.deb
        Size/MD5 checksum:   378214 95128d7c15be44464dd1a785788fdc3d
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_alpha.deb
        Size/MD5 checksum:   403766 5facc50da806d2f82a1ca839e045035d
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_amd64.deb
        Size/MD5 checksum:   279294 6b0085ce0a01a81a13b068759de269b8
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_amd64.deb
        Size/MD5 checksum:   348654 4d1f1c1d5c074be51b777b93b332eaf7
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_amd64.deb
        Size/MD5 checksum:   363928 54ed19ba7cbd0dd3475827c6e6df5acf
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_amd64.deb
        Size/MD5 checksum:   184200 e5bc33b1e7dbfea9c372a3056e3f1848
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_arm.deb
        Size/MD5 checksum:   343960 e7c6c2269903d8dbd4422103a9e1edaf
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_arm.deb
        Size/MD5 checksum:   265322 4e7ce3fca8c685e540092e70474e6fbd
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_arm.deb
        Size/MD5 checksum:   330958 cee5e85136606605bd290035d9452f90
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_arm.deb
        Size/MD5 checksum:   183240 d7e3c477f4f4fbbc49c04b035e92ff2a
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_hppa.deb
        Size/MD5 checksum:   374136 7d297f74e9fde26e726f06f321208dae
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_hppa.deb
        Size/MD5 checksum:   286074 0a55d6aa6400d4d5750ebd92e9de7aab
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_hppa.deb
        Size/MD5 checksum:   362166 013680aca7b38c66292a8727855bfc06
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_hppa.deb
        Size/MD5 checksum:   184934 061417fe2e791b5bc7abf62398b3a8a8
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_i386.deb
        Size/MD5 checksum:   335758 605f4f911d8445b74cbd46ede0fcfb89
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_i386.deb
        Size/MD5 checksum:   268688 c64ca51e9e04d1e961a8db7132ba4e08
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_i386.deb
        Size/MD5 checksum:   184134 58672102a58bca326f4ba09c5bf3666a
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_i386.deb
        Size/MD5 checksum:   348012 ae8f836c9e5b631eb421f3b86dc78f49
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mips.deb
        Size/MD5 checksum:   370052 f8ea51037f985d6b8f2a288b9a813ccd
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mips.deb
        Size/MD5 checksum:   359844 b0b0956206921cff260c531aa9286f21
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mips.deb
        Size/MD5 checksum:   184240 4dd808980afe395d6909549614fab214
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mips.deb
        Size/MD5 checksum:   272764 7ceea85232267e0a80f4fd5cb38ddf09
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mipsel.deb
        Size/MD5 checksum:   369664 07d0e90fc376acf855563baec0293856
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mipsel.deb
        Size/MD5 checksum:   184260 f81b2223f912a359a4fd7bc1f61ba7e4
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mipsel.deb
        Size/MD5 checksum:   358830 947820464929873955f7f6a427403838
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mipsel.deb
        Size/MD5 checksum:   272442 3d19769e8260b3d434e6dd577d72c5c0
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_powerpc.deb
        Size/MD5 checksum:   184222 c06ffd6735f13d9f6c9301a0dd487efd
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_powerpc.deb
        Size/MD5 checksum:   335910 9fe78e085108bbacb7f04566247aa51e
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_powerpc.deb
        Size/MD5 checksum:   271718 021c33a25a85bcdc394fc0c5af784256
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_powerpc.deb
        Size/MD5 checksum:   353656 9e40213397ea8306184da6c8e0bcb070
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_sparc.deb
        Size/MD5 checksum:   184266 d82e92039c32386a69e0f1b119820ae8
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_sparc.deb
        Size/MD5 checksum:   265144 d7f6e34015d0adc757942c6d1dae3c56
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_sparc.deb
        Size/MD5 checksum:   341300 3bb2b297ebd12d562b0185b6b58196a8
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_sparc.deb
        Size/MD5 checksum:   337130 1b9530365393919e15ffce3a695441ea
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.dsc
        Size/MD5 checksum:     1608 e084fe269b41c84cdeaafae2b2633e9f
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1.orig.tar.gz
        Size/MD5 checksum:  1406833 b57aa1ba0834cbbb1e7502dc2cbfacc2
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.diff.gz
        Size/MD5 checksum:    39470 6b875822ae5036ba8bf83f2fae11fbf0
    
    Architecture independent packages:
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.2.1-5+lenny1_all.deb
        Size/MD5 checksum:  1830232 317e72d84e019f0006d84e9579fa4b66
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_alpha.deb
        Size/MD5 checksum:   380740 b75e7906989484738737bc2e5e6bf66a
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_alpha.deb
        Size/MD5 checksum:   290338 fa8f5deeed2593a790283210375bde43
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_alpha.deb
        Size/MD5 checksum:   170160 810c545ad2bf6212fcb745f10f3d39c9
      https://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_alpha.deb
        Size/MD5 checksum:    66942 c810abd2e002daefa1f24942367208ce
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_amd64.deb
        Size/MD5 checksum:   259300 9086503f08d3a4970c966cb1461b8309
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_amd64.deb
        Size/MD5 checksum:   162880 12a802692ae3d1774a5cb2a55fee7abe
      https://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_amd64.deb
        Size/MD5 checksum:    64710 62a4fbb57742faed71a853cd7c6d5443
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_amd64.deb
        Size/MD5 checksum:   249006 966d8f20171594a83abd09251c277dd1
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_arm.deb
        Size/MD5 checksum:    63812 f9acaf50dd1440312f9b3eb9e8ce5665
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_arm.deb
        Size/MD5 checksum:   223424 20befb04db3b6ae82fb152354be8cf1f
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_arm.deb
        Size/MD5 checksum:   238514 0369f89685fa04a26ba050b5ae718368
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_arm.deb
        Size/MD5 checksum:   144958 da65511355a4e4484042fd7377e2f520
    
    armel architecture (ARM EABI)
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_armel.deb
        Size/MD5 checksum:   146562 64f4b077e7457a400ad88b8cfd6d9b57
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_armel.deb
        Size/MD5 checksum:   239468 89ddd32404daff070f43848aad9369c3
      https://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_armel.deb
        Size/MD5 checksum:    63572 b67421a112b6bf92b47246c2ebd4618d
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_armel.deb
        Size/MD5 checksum:   228326 096d983dcd56905b8d35a1a109dcd742
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_hppa.deb
        Size/MD5 checksum:   263164 2a856048b8c09b075f089ae2551c356f
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_hppa.deb
        Size/MD5 checksum:   163954 dd2a4efdbca917a569d6520be368336c
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_hppa.deb
        Size/MD5 checksum:   270676 6ada153b9ff39dfd8a75c08a2a186784
      https://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_hppa.deb
        Size/MD5 checksum:    64868 5a8bc1e82107effab796c04e6c05592d
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_i386.deb
        Size/MD5 checksum:    64064 64e2b9c17836231e7abc0aff34690001
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_i386.deb
        Size/MD5 checksum:   235620 ac4307dc10c03340beeb13eefac1f600
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_i386.deb
        Size/MD5 checksum:   230180 7ca48ece6eb966598f45394fa6f61ecb
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_i386.deb
        Size/MD5 checksum:   148370 a6fef063aace9660fcd7b518a1658299
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_ia64.deb
        Size/MD5 checksum:   297824 15211d3862458004a9f10b6968d839e3
      https://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_ia64.deb
        Size/MD5 checksum:    68598 e8d496cdde34439f3e8545f51b875a1d
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_ia64.deb
        Size/MD5 checksum:   487536 4b94b66cd09d99250b8d78bab7a51cc3
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_ia64.deb
        Size/MD5 checksum:   205560 a3943a7fde111a5fad1fb33a0b01471d
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mips.deb
        Size/MD5 checksum:   247202 c5b66959665d900dee20b069d205db0a
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mips.deb
        Size/MD5 checksum:   257016 ca8b0fc29104a6483f2ce45346d3c2dd
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mips.deb
        Size/MD5 checksum:   150832 c89353aaf1ff0acf40379b59c903153c
      https://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mips.deb
        Size/MD5 checksum:    64498 8f61fda7a3f7adf0e3069ad4535febf1
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mipsel.deb
        Size/MD5 checksum:   256382 7a3757146955ab439ca286aa9fc6dd94
      https://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mipsel.deb
        Size/MD5 checksum:    64528 e82065ecb4221b024d0fa0f7716b3a4a
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mipsel.deb
        Size/MD5 checksum:   246102 38f40717cb0f202e99067a484ce80848
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mipsel.deb
        Size/MD5 checksum:   150130 5658d2cdf77ad75b314f781f9630a8e3
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_powerpc.deb
        Size/MD5 checksum:   157156 8ce5392e803ce8b824865362c5e7ceaf
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_powerpc.deb
        Size/MD5 checksum:   243468 31c4739ae2908480d9dadf21f243a76d
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_powerpc.deb
        Size/MD5 checksum:   252104 af29662c0e472962196a03d9bcac0624
      https://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_powerpc.deb
        Size/MD5 checksum:    67286 5d871cb882a468fc0d21981024b7bd5e
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_sparc.deb
        Size/MD5 checksum:   145182 7493ade5ef50256253977a3c708a87dd
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_sparc.deb
        Size/MD5 checksum:   254556 8f8bc903fe5eb131a75cbfd0f282cc21
      https://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_sparc.deb
        Size/MD5 checksum:    63946 4e1a64b89ca25775553e7653cf2cb3eb
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_sparc.deb
        Size/MD5 checksum:   235150 7e6ab5023ad36c713a0eff40e6f60045
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and https://packages.debian.org/
    

    LinuxSecurity Poll

    How long have you been using Linux?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/46-how-long-have-you-been-using-linux?task=poll.vote&format=json
    46
    radio
    [{"id":"160","title":"Just made the switch!","votes":"3","type":"x","order":"1","pct":10.34,"resources":[]},{"id":"161","title":"1-5 years","votes":"5","type":"x","order":"2","pct":17.24,"resources":[]},{"id":"162","title":"6-10 years","votes":"1","type":"x","order":"3","pct":3.45,"resources":[]},{"id":"163","title":">10 years - I'm a veteran!","votes":"20","type":"x","order":"4","pct":68.97,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.