Home > Security > Advisories

Advisories

Mandriva Advisories

Package name dbus
Date June 24th, 2005
Advisory ID MDKSA-2005:105
Affected versions 10.1, CS3.0
Synopsis Updated dbus packages fix vulnerability

Problem Description

Dan Reed discovered a vulnerability in the D-BUS system for sending
messages between applications. He found that a user can send and
listen to messages on another user's per-user session bus if they
knew the address of the socket.

The updated packages have been patched to correct this problem.

Updated Packages

Mandrakelinux 10.1

 d5eb6d08b6a007fbd7a192628ba33c44  10.1/RPMS/dbus-0.22-3.1.101mdk.i586.rpm
3e417b23c43db4e7473d647f104471a7  10.1/RPMS/dbus-python-0.22-3.1.101mdk.i586.rpm
64f7ea9d74f62fdf0ee0ee6e109a3caf  10.1/RPMS/dbus-x11-0.22-3.1.101mdk.i586.rpm
2c121bf2416362e4b611d0bda3abc737  10.1/RPMS/libdbus-1_0-0.22-3.1.101mdk.i586.rpm
b05a0b9d6f04cb1903d2cd264ecb8590  10.1/RPMS/libdbus-1_0-devel-0.22-3.1.101mdk.i586.rpm
5b7bb77f073cd51e642200191e5dc426  10.1/RPMS/libdbus-glib-1_0-0.22-3.1.101mdk.i586.rpm
bf50565b2fc41f7e801c17d8e234d08d  10.1/RPMS/libdbus-qt-1_0-0.22-3.1.101mdk.i586.rpm
7f2bb3ba2de7d91c1c67910ce22676ee  10.1/SRPMS/dbus-0.22-3.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 c6dbe1230e55ae99059d42053674109f  x86_64/10.1/RPMS/dbus-0.22-3.1.101mdk.x86_64.rpm
9e38bf83675eb40aa8078ab4d43aa3e4  x86_64/10.1/RPMS/dbus-python-0.22-3.1.101mdk.x86_64.rpm
25366249b14a222d0ff41e748ae4964e  x86_64/10.1/RPMS/dbus-x11-0.22-3.1.101mdk.x86_64.rpm
36df1060f8e0243024e3f216a89e413e  x86_64/10.1/RPMS/lib64dbus-1_0-0.22-3.1.101mdk.x86_64.rpm
3f8484b68edbaeaeffdc520be0802be2  x86_64/10.1/RPMS/lib64dbus-1_0-devel-0.22-3.1.101mdk.x86_64.rpm
1a093645499551ef0d21a5d45bfd3ce8  x86_64/10.1/RPMS/lib64dbus-glib-1_0-0.22-3.1.101mdk.x86_64.rpm
3fd269c19dc1ec09b9f99088528c48e9  x86_64/10.1/RPMS/lib64dbus-qt-1_0-0.22-3.1.101mdk.x86_64.rpm
7f2bb3ba2de7d91c1c67910ce22676ee  x86_64/10.1/SRPMS/dbus-0.22-3.1.101mdk.src.rpm

Corporate Server 3.0

 7c4b8579d8eecda85f872e9a2fc4d4a5  corporate/3.0/RPMS/dbus-0.20-7.1.C30mdk.i586.rpm
2e15717b81ca73467c23ab50a0095dc2  corporate/3.0/RPMS/dbus-python-0.20-7.1.C30mdk.i586.rpm
8dcdff915a80b7d431f3a0ceb217f6d3  corporate/3.0/RPMS/dbus-x11-0.20-7.1.C30mdk.i586.rpm
b9977c3ae26550fbe72f396e4dfd9cfe  corporate/3.0/RPMS/libdbus-1_0-0.20-7.1.C30mdk.i586.rpm
b3da28ccfa97ab3b93bcf9781bb1e4bc  corporate/3.0/RPMS/libdbus-1_0-devel-0.20-7.1.C30mdk.i586.rpm
ee3ec88593d4905f0dd97cde0c9f658b  corporate/3.0/RPMS/libdbus-glib-1_0-0.20-7.1.C30mdk.i586.rpm
14583f66f8d8f447e06a252513be73a5  corporate/3.0/RPMS/libdbus-qt-1_0-0.20-7.1.C30mdk.i586.rpm
47cdf4af75570b82b0186e9bdca839f0  corporate/3.0/SRPMS/dbus-0.20-7.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 89bbcc00def4fbf81a4c1d66e157abaa  x86_64/corporate/3.0/RPMS/dbus-0.20-7.1.C30mdk.x86_64.rpm
99c4eda1d977bc2ee1e4ae622ffa8a39  x86_64/corporate/3.0/RPMS/dbus-python-0.20-7.1.C30mdk.x86_64.rpm
dc34492029f4eb3d8d5d607f10c607a1  x86_64/corporate/3.0/RPMS/dbus-x11-0.20-7.1.C30mdk.x86_64.rpm
757173e4ee8c855e9c3bfa9318bd92bb  x86_64/corporate/3.0/RPMS/lib64dbus-1_0-0.20-7.1.C30mdk.x86_64.rpm
3a088834b9f401be106c9c5de05a400c  x86_64/corporate/3.0/RPMS/lib64dbus-1_0-devel-0.20-7.1.C30mdk.x86_64.rpm
88e751ac99d886fdf17b03c599192a4e  x86_64/corporate/3.0/RPMS/lib64dbus-glib-1_0-0.20-7.1.C30mdk.x86_64.rpm
c54c001d0e5e6cdca42856d4130fe072  x86_64/corporate/3.0/RPMS/lib64dbus-qt-1_0-0.20-7.1.C30mdk.x86_64.rpm
47cdf4af75570b82b0186e9bdca839f0  x86_64/corporate/3.0/SRPMS/dbus-0.20-7.1.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0201

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.