Debian: DSA-1837-1: New dbus packages fix denial of service

    Date18 Jul 2009
    CategoryDebian
    60
    Posted ByLinuxSecurity Advisories
    It was discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. This issue was caused by an incorrect fix for
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1837-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                      Steffen Joeris
    July 18, 2009                         http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : dbus
    Vulnerability  : programming error
    Problem type   : local
    Debian-specific: no
    CVE Id         : CVE-2009-1189
    Debian Bug     : 532720
    
    
    It was discovered that the dbus_signature_validate function in
    dbus, a simple interprocess messaging system, is prone to a denial of
    service attack. This issue was caused by an incorrect fix for
    DSA-1658-1.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 1.2.1-5+lenny1.
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 1.0.2-1+etch3.
    
    Packages for ia64 and s390 will be released once they are available.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 1.2.14-1.
    
    
    We recommend that you upgrade your dbus packages.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (oldstable)
    - ------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.diff.gz
        Size/MD5 checksum:    20482 fd114e50577aade0211a25bc05ac064d
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz
        Size/MD5 checksum:  1400278 0552a9b54beb4a044951b7cdbc8fc855
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.dsc
        Size/MD5 checksum:      824 0befb91739de13f92197336b6a3f3f06
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch3_all.deb
        Size/MD5 checksum:  1622204 67e2242179a8af1f3a7363d0d9728702
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_alpha.deb
        Size/MD5 checksum:   289142 2da5aaed2ca0e1dfe4627f2d51923a1a
      http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_alpha.deb
        Size/MD5 checksum:   184834 a14af28f5651f06cd41f4aa8b264d486
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_alpha.deb
        Size/MD5 checksum:   378214 95128d7c15be44464dd1a785788fdc3d
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_alpha.deb
        Size/MD5 checksum:   403766 5facc50da806d2f82a1ca839e045035d
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_amd64.deb
        Size/MD5 checksum:   279294 6b0085ce0a01a81a13b068759de269b8
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_amd64.deb
        Size/MD5 checksum:   348654 4d1f1c1d5c074be51b777b93b332eaf7
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_amd64.deb
        Size/MD5 checksum:   363928 54ed19ba7cbd0dd3475827c6e6df5acf
      http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_amd64.deb
        Size/MD5 checksum:   184200 e5bc33b1e7dbfea9c372a3056e3f1848
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_arm.deb
        Size/MD5 checksum:   343960 e7c6c2269903d8dbd4422103a9e1edaf
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_arm.deb
        Size/MD5 checksum:   265322 4e7ce3fca8c685e540092e70474e6fbd
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_arm.deb
        Size/MD5 checksum:   330958 cee5e85136606605bd290035d9452f90
      http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_arm.deb
        Size/MD5 checksum:   183240 d7e3c477f4f4fbbc49c04b035e92ff2a
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_hppa.deb
        Size/MD5 checksum:   374136 7d297f74e9fde26e726f06f321208dae
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_hppa.deb
        Size/MD5 checksum:   286074 0a55d6aa6400d4d5750ebd92e9de7aab
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_hppa.deb
        Size/MD5 checksum:   362166 013680aca7b38c66292a8727855bfc06
      http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_hppa.deb
        Size/MD5 checksum:   184934 061417fe2e791b5bc7abf62398b3a8a8
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_i386.deb
        Size/MD5 checksum:   335758 605f4f911d8445b74cbd46ede0fcfb89
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_i386.deb
        Size/MD5 checksum:   268688 c64ca51e9e04d1e961a8db7132ba4e08
      http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_i386.deb
        Size/MD5 checksum:   184134 58672102a58bca326f4ba09c5bf3666a
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_i386.deb
        Size/MD5 checksum:   348012 ae8f836c9e5b631eb421f3b86dc78f49
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mips.deb
        Size/MD5 checksum:   370052 f8ea51037f985d6b8f2a288b9a813ccd
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mips.deb
        Size/MD5 checksum:   359844 b0b0956206921cff260c531aa9286f21
      http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mips.deb
        Size/MD5 checksum:   184240 4dd808980afe395d6909549614fab214
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mips.deb
        Size/MD5 checksum:   272764 7ceea85232267e0a80f4fd5cb38ddf09
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mipsel.deb
        Size/MD5 checksum:   369664 07d0e90fc376acf855563baec0293856
      http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mipsel.deb
        Size/MD5 checksum:   184260 f81b2223f912a359a4fd7bc1f61ba7e4
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mipsel.deb
        Size/MD5 checksum:   358830 947820464929873955f7f6a427403838
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mipsel.deb
        Size/MD5 checksum:   272442 3d19769e8260b3d434e6dd577d72c5c0
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_powerpc.deb
        Size/MD5 checksum:   184222 c06ffd6735f13d9f6c9301a0dd487efd
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_powerpc.deb
        Size/MD5 checksum:   335910 9fe78e085108bbacb7f04566247aa51e
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_powerpc.deb
        Size/MD5 checksum:   271718 021c33a25a85bcdc394fc0c5af784256
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_powerpc.deb
        Size/MD5 checksum:   353656 9e40213397ea8306184da6c8e0bcb070
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_sparc.deb
        Size/MD5 checksum:   184266 d82e92039c32386a69e0f1b119820ae8
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_sparc.deb
        Size/MD5 checksum:   265144 d7f6e34015d0adc757942c6d1dae3c56
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_sparc.deb
        Size/MD5 checksum:   341300 3bb2b297ebd12d562b0185b6b58196a8
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_sparc.deb
        Size/MD5 checksum:   337130 1b9530365393919e15ffce3a695441ea
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.dsc
        Size/MD5 checksum:     1608 e084fe269b41c84cdeaafae2b2633e9f
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1.orig.tar.gz
        Size/MD5 checksum:  1406833 b57aa1ba0834cbbb1e7502dc2cbfacc2
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.diff.gz
        Size/MD5 checksum:    39470 6b875822ae5036ba8bf83f2fae11fbf0
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.2.1-5+lenny1_all.deb
        Size/MD5 checksum:  1830232 317e72d84e019f0006d84e9579fa4b66
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_alpha.deb
        Size/MD5 checksum:   380740 b75e7906989484738737bc2e5e6bf66a
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_alpha.deb
        Size/MD5 checksum:   290338 fa8f5deeed2593a790283210375bde43
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_alpha.deb
        Size/MD5 checksum:   170160 810c545ad2bf6212fcb745f10f3d39c9
      http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_alpha.deb
        Size/MD5 checksum:    66942 c810abd2e002daefa1f24942367208ce
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_amd64.deb
        Size/MD5 checksum:   259300 9086503f08d3a4970c966cb1461b8309
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_amd64.deb
        Size/MD5 checksum:   162880 12a802692ae3d1774a5cb2a55fee7abe
      http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_amd64.deb
        Size/MD5 checksum:    64710 62a4fbb57742faed71a853cd7c6d5443
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_amd64.deb
        Size/MD5 checksum:   249006 966d8f20171594a83abd09251c277dd1
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_arm.deb
        Size/MD5 checksum:    63812 f9acaf50dd1440312f9b3eb9e8ce5665
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_arm.deb
        Size/MD5 checksum:   223424 20befb04db3b6ae82fb152354be8cf1f
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_arm.deb
        Size/MD5 checksum:   238514 0369f89685fa04a26ba050b5ae718368
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_arm.deb
        Size/MD5 checksum:   144958 da65511355a4e4484042fd7377e2f520
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_armel.deb
        Size/MD5 checksum:   146562 64f4b077e7457a400ad88b8cfd6d9b57
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_armel.deb
        Size/MD5 checksum:   239468 89ddd32404daff070f43848aad9369c3
      http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_armel.deb
        Size/MD5 checksum:    63572 b67421a112b6bf92b47246c2ebd4618d
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_armel.deb
        Size/MD5 checksum:   228326 096d983dcd56905b8d35a1a109dcd742
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_hppa.deb
        Size/MD5 checksum:   263164 2a856048b8c09b075f089ae2551c356f
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_hppa.deb
        Size/MD5 checksum:   163954 dd2a4efdbca917a569d6520be368336c
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_hppa.deb
        Size/MD5 checksum:   270676 6ada153b9ff39dfd8a75c08a2a186784
      http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_hppa.deb
        Size/MD5 checksum:    64868 5a8bc1e82107effab796c04e6c05592d
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_i386.deb
        Size/MD5 checksum:    64064 64e2b9c17836231e7abc0aff34690001
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_i386.deb
        Size/MD5 checksum:   235620 ac4307dc10c03340beeb13eefac1f600
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_i386.deb
        Size/MD5 checksum:   230180 7ca48ece6eb966598f45394fa6f61ecb
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_i386.deb
        Size/MD5 checksum:   148370 a6fef063aace9660fcd7b518a1658299
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_ia64.deb
        Size/MD5 checksum:   297824 15211d3862458004a9f10b6968d839e3
      http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_ia64.deb
        Size/MD5 checksum:    68598 e8d496cdde34439f3e8545f51b875a1d
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_ia64.deb
        Size/MD5 checksum:   487536 4b94b66cd09d99250b8d78bab7a51cc3
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_ia64.deb
        Size/MD5 checksum:   205560 a3943a7fde111a5fad1fb33a0b01471d
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mips.deb
        Size/MD5 checksum:   247202 c5b66959665d900dee20b069d205db0a
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mips.deb
        Size/MD5 checksum:   257016 ca8b0fc29104a6483f2ce45346d3c2dd
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mips.deb
        Size/MD5 checksum:   150832 c89353aaf1ff0acf40379b59c903153c
      http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mips.deb
        Size/MD5 checksum:    64498 8f61fda7a3f7adf0e3069ad4535febf1
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mipsel.deb
        Size/MD5 checksum:   256382 7a3757146955ab439ca286aa9fc6dd94
      http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mipsel.deb
        Size/MD5 checksum:    64528 e82065ecb4221b024d0fa0f7716b3a4a
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mipsel.deb
        Size/MD5 checksum:   246102 38f40717cb0f202e99067a484ce80848
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mipsel.deb
        Size/MD5 checksum:   150130 5658d2cdf77ad75b314f781f9630a8e3
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_powerpc.deb
        Size/MD5 checksum:   157156 8ce5392e803ce8b824865362c5e7ceaf
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_powerpc.deb
        Size/MD5 checksum:   243468 31c4739ae2908480d9dadf21f243a76d
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_powerpc.deb
        Size/MD5 checksum:   252104 af29662c0e472962196a03d9bcac0624
      http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_powerpc.deb
        Size/MD5 checksum:    67286 5d871cb882a468fc0d21981024b7bd5e
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_sparc.deb
        Size/MD5 checksum:   145182 7493ade5ef50256253977a3c708a87dd
      http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_sparc.deb
        Size/MD5 checksum:   254556 8f8bc903fe5eb131a75cbfd0f282cc21
      http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_sparc.deb
        Size/MD5 checksum:    63946 4e1a64b89ca25775553e7653cf2cb3eb
      http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_sparc.deb
        Size/MD5 checksum:   235150 7e6ab5023ad36c713a0eff40e6f60045
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"67","type":"x","order":"1","pct":57.76,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":12.93,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"34","type":"x","order":"3","pct":29.31,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.