===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2007.0086 -- [UNIX/Linux][RedHat]
                      Moderate: dbus security update
                              9 February 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              dbus
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux Desktop 4
                      Red Hat Enterprise Linux AS/ES/WS 4
                      UNIX variants (UNIX, Linux, OSX)
Impact:               Denial of Service
Access:               Existing Account
CVE Names:            CVE-2006-6107

Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2007-0008.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Red Hat. It is recommended that administrators
         running dbus check for an updated version of the software for their
         operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: dbus security update
Advisory ID:       RHSA-2007:0008-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0008.html
Issue date:        2007-02-08
Updated on:        2007-02-08
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-6107 
---------------------------------------------------------------------

1. Summary:

Updated dbus packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

D-BUS is a system for sending messages between applications. It is used
both for the systemwide message bus service, and as a
per-user-login-session messaging facility.

Kimmo Hämäläinen discovered a flaw in the way D-BUS processes certain
messages. It is possible for a local unprivileged D-BUS process to disrupt
the ability of another D-BUS process to receive messages. (CVE-2006-6107)

Users of dbus are advised to upgrade to these updated packages, which
contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
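
To confirm that a host actually carries the fixed build after the update, the installed version-release can be compared with dbus-0.22-12.EL.8, the build listed in this advisory. The script below is an added example, not part of the Red Hat or AusCERT text; the function names (vercmp, patched, report) are illustrative, the comparison is a simplified form of rpm's ordering that ignores epochs, and the sample input is constructed.

```shell
#!/bin/sh
# Fixed build named in the advisory's package list: dbus-0.22-12.EL.8
FIXED_VR="0.22-12.EL.8"

# vercmp A B: simplified rpm-style comparison of one version or release
# string. Prints -1, 0 or 1. Epochs are ignored (assumption).
vercmp() {
    awk -v a="$1" -v b="$2" '
    function segs(s, out) {
        gsub(/[^A-Za-z0-9]+/, " ", s)             # separators split segments
        while (match(s, /[0-9][A-Za-z]|[A-Za-z][0-9]/))
            s = substr(s, 1, RSTART) " " substr(s, RSTART + 1)
        return split(s, out, " ")
    }
    BEGIN {
        na = segs(a, A); nb = segs(b, B); r = 0
        for (i = 1; r == 0 && i <= na && i <= nb; i++) {
            x = A[i]; y = B[i]
            xn = (x ~ /^[0-9]+$/); yn = (y ~ /^[0-9]+$/)
            if (xn && yn)      r = (x + 0 > y + 0) - (x + 0 < y + 0)
            else if (xn != yn) r = xn ? 1 : -1    # digits sort above letters
            else               r = (x "" > y "") - (x "" < y "")
        }
        if (r == 0) r = (na > nb) - (na < nb)     # extra segments sort higher
        print r
    }'
}

# patched VR: exit status 0 if VR (version-release) is at or above FIXED_VR.
patched() {
    v=$(vercmp "${1%-*}" "${FIXED_VR%-*}")        # compare version first
    [ "$v" -gt 0 ] && return 0
    [ "$v" -lt 0 ] && return 1
    [ "$(vercmp "${1##*-}" "${FIXED_VR##*-}")" -ge 0 ]   # then release
}

# report: read "name version-release" lines on stdin, label each one.
report() {
    while read -r name vr; do
        if patched "$vr"; then echo "$name $vr fixed"
        else echo "$name $vr VULNERABLE"; fi
    done
}

# Constructed sample input. On a live host, feed report from:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | grep '^dbus'
printf 'dbus 0.22-12.EL.5\ndbus-glib 0.22-12.EL.8\n' | report
```

Any line reported as VULNERABLE means that package is still older than the build shipped with this erratum.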

5. Bug IDs fixed (http://bugzilla.redhat.com/):

218055 - CVE-2006-6107 D-Bus denial of service

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/dbus-0.22-12.EL.8.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/dbus-0.22-12.EL.8.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/dbus-0.22-12.EL.8.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/dbus-0.22-12.EL.8.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6107
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
