Paketname
dbus
Datum
2009-12-05
Advisory ID
MDVSA-2009:256-1
Betroffene Versionen
2008.0 i586 , 2008.0 x86_64

Problembeschreibung

A vulnerability was discovered and corrected in dbus:

The _dbus_validate_signature_with_reason function
(dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic
to validate a basic type, which allows remote attackers to spoof a
signature via a crafted key. NOTE: this is due to an incorrect fix
for CVE-2008-3834 (CVE-2009-1189).

This update provides a fix for this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Aktualisierte Pakete

2008.0 i586

 f6f698df9a6c96f40da512b22d24f8bb  2008.0/i586/dbus-1.0.2-10.4mdv2008.0.i586.rpm
 624b6fc20eea9f20a7d37082dc11fb08  2008.0/i586/dbus-x11-1.0.2-10.4mdv2008.0.i586.rpm
 b86eaa6581bf1a7922eb688e81530bf2  2008.0/i586/libdbus-1_3-1.0.2-10.4mdv2008.0.i586.rpm
 c9c2d25d13d1ebc5c4be9c742336a513  2008.0/i586/libdbus-1_3-devel-1.0.2-10.4mdv2008.0.i586.rpm 
 9c8c7a0733cba7e36624deb5a9328401  2008.0/SRPMS/dbus-1.0.2-10.4mdv2008.0.src.rpm

2008.0 x86_64

 4d553999e6e34391b85953fedba7b051  2008.0/x86_64/dbus-1.0.2-10.4mdv2008.0.x86_64.rpm
 af7e3a9c174f96f25861ed4f82628927  2008.0/x86_64/dbus-x11-1.0.2-10.4mdv2008.0.x86_64.rpm
 471b586bb2c1b2c6615b7eeb9243a50e  2008.0/x86_64/lib64dbus-1_3-1.0.2-10.4mdv2008.0.x86_64.rpm
 5969a7c3e9310fbbde6842ed54d209df  2008.0/x86_64/lib64dbus-1_3-devel-1.0.2-10.4mdv2008.0.x86_64.rpm 
 9c8c7a0733cba7e36624deb5a9328401  2008.0/SRPMS/dbus-1.0.2-10.4mdv2008.0.src.rpm

Referenzen