Linux Security
    Linux Security
    Linux Security

    Debian: New dbus packages fix denial of service

    Date 22 Oct 2008
    2825
    Posted By LinuxSecurity Advisories
    Colin Walters discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1658-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                          Thijs Kinkhorst
    October 22, 2008                      https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : dbus
    Vulnerability  : programming error
    Problem type   : local
    Debian-specific: no
    CVE Id(s)      : CVE-2008-3834
    Debian Bug     : 501443
    
    Colin Walters discovered that the dbus_signature_validate function in 
    dbus, a simple interprocess messaging system, is prone to a denial of 
    service attack.
    
    For the stable distribution (etch), this problem has been fixed in 
    version 1.0.2-1+etch2.
    
    For the testing distribution (lenny) and unstable distribution (sid) 
    this problem will be fixed soon.
    
    We recommend that you upgrade your dbus package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2.dsc
        Size/MD5 checksum:      824 476bb3df500c50f67b4088317482e0ef
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2.diff.gz
        Size/MD5 checksum:    19909 27df2fd0bc5cb93069d6c10d89e0214a
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz
        Size/MD5 checksum:  1400278 0552a9b54beb4a044951b7cdbc8fc855
    
    Architecture independent packages:
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch2_all.deb
        Size/MD5 checksum:  1623126 68e4e1787515928f95af670ec2677663
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_alpha.deb
        Size/MD5 checksum:   403640 fa77ef6e2fc986018a1b6074b3ae9343
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_alpha.deb
        Size/MD5 checksum:   184728 631b1a1ed1215eb05a696b40a72db26c
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_alpha.deb
        Size/MD5 checksum:   378152 662bea6b7c1db00fdf933b53a2334f7d
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_alpha.deb
        Size/MD5 checksum:   289022 3ebba7555c92b42fdfe9331c35fbafc6
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_amd64.deb
        Size/MD5 checksum:   279202 dfbd440a6a800eea8ba2e46b692dd636
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_amd64.deb
        Size/MD5 checksum:   348548 ccc32fdddbaca40a7e62cffc250d493a
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_amd64.deb
        Size/MD5 checksum:   363840 fd13ad30b922eff52503762ba60d08e0
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_amd64.deb
        Size/MD5 checksum:   184096 cb1028347d48476de045ad633939119a
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_arm.deb
        Size/MD5 checksum:   331110 508d164df564a28f626b1941bf784bcd
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_arm.deb
        Size/MD5 checksum:   183846 34fc9addad9e6e1858107a9382fc89e4
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_arm.deb
        Size/MD5 checksum:   343302 dd43eeb35c44bb838d45d6324f9842fb
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_arm.deb
        Size/MD5 checksum:   265858 e2438b408ec289d96454d30c971a1eeb
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_hppa.deb
        Size/MD5 checksum:   184866 7b0aa00c72398485849a46c3a376b5a3
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_hppa.deb
        Size/MD5 checksum:   375644 6146db75333cc23bcf98184886e2358f
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_hppa.deb
        Size/MD5 checksum:   362346 5002551bf82c33092fdd3fee8356078d
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_hppa.deb
        Size/MD5 checksum:   285994 55964151812beb09104dadc5fe883ded
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_i386.deb
        Size/MD5 checksum:   335874 116b0084af4713242092e2b07a64734f
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_i386.deb
        Size/MD5 checksum:   349844 cfa20eea1e6e8be195d520199e8415c6
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_i386.deb
        Size/MD5 checksum:   184284 98c8270b762a20bffc194124562c2a68
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_i386.deb
        Size/MD5 checksum:   269032 ebf1993ab8d40f4d10becd43324c3fb7
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_ia64.deb
        Size/MD5 checksum:   439328 0e4d4761c026e5d1a1d0fec1a2e2cc59
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_ia64.deb
        Size/MD5 checksum:   186576 9a83ca03b18ba3bbaa0e976c73e5ee49
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_ia64.deb
        Size/MD5 checksum:   411494 c4e44af1f20c10c57205270249f337a9
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_ia64.deb
        Size/MD5 checksum:   322378 94081937e3524ee2faecb311d0b55772
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_mips.deb
        Size/MD5 checksum:   370622 4bdcd5653af2b8d82005e4f517b9b4b4
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_mips.deb
        Size/MD5 checksum:   183866 413cae07b1a9058a0c6aebdd7f8ea027
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_mips.deb
        Size/MD5 checksum:   272250 6d0e938439d3eb8ca62606630b8c3703
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_mips.deb
        Size/MD5 checksum:   359500 7f221dd76f85d4ba43e2f9de932a0e2d
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_mipsel.deb
        Size/MD5 checksum:   184158 fb889a6d77b704244d791a6eacc6bdd7
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_mipsel.deb
        Size/MD5 checksum:   369594 90c29c9d9647268f0b44b94a01de0f45
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_mipsel.deb
        Size/MD5 checksum:   358738 cd6052fccfc4fefdda2ca7bf42823922
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_mipsel.deb
        Size/MD5 checksum:   272356 c61c0d2c433d4300df31bc681d0d0edd
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_powerpc.deb
        Size/MD5 checksum:   271688 b4fa35b2b6d5d106043064b321c62ff7
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_powerpc.deb
        Size/MD5 checksum:   353198 192e72c7dabd1d8d7b64a755293969b9
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_powerpc.deb
        Size/MD5 checksum:   184192 0a4598f9d41f45a4f8d99982258bc352
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_powerpc.deb
        Size/MD5 checksum:   335480 4267b587cd7d75ea76dc36ec679bb2d6
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_s390.deb
        Size/MD5 checksum:   355016 839cfa24a74c834cba9161faaf7621e0
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_s390.deb
        Size/MD5 checksum:   285310 d7265f270c738d91c19bfaeeff8130a7
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_s390.deb
        Size/MD5 checksum:   184598 86f3ad1f997139c8f2c18105417f369b
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_s390.deb
        Size/MD5 checksum:   373294 8e8fbab4cf0f0214dbd64e6faaf1a87a
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_sparc.deb
        Size/MD5 checksum:   340024 74d40edc715045d8693421b4093168c8
      https://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_sparc.deb
        Size/MD5 checksum:   184162 32f294e0f8a06390053f8592cfce1f4d
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_sparc.deb
        Size/MD5 checksum:   336182 65adba9662394147aad1d34bb5ac90a4
      https://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_sparc.deb
        Size/MD5 checksum:   265080 9d47f318df9648ad5988c36e30d63016
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"15","type":"x","order":"1","pct":36.59,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"8","type":"x","order":"2","pct":19.51,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"18","type":"x","order":"3","pct":43.9,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.