MDVSA-2009:256-1
- Package name
- dbus
- Date
- 2009-12-05
- Advisory ID
- MDVSA-2009:256-1
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
A vulnerability was discovered and corrected in dbus:
The _dbus_validate_signature_with_reason function
(dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic
to validate a basic type, which allows remote attackers to spoof a
signature via a crafted key. NOTE: this is due to an incorrect fix
for CVE-2008-3834 (CVE-2009-1189).
This update provides a fix for this vulnerability.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
Updated packages
2008.0 i586
f6f698df9a6c96f40da512b22d24f8bb 2008.0/i586/dbus-1.0.2-10.4mdv2008.0.i586.rpm 624b6fc20eea9f20a7d37082dc11fb08 2008.0/i586/dbus-x11-1.0.2-10.4mdv2008.0.i586.rpm b86eaa6581bf1a7922eb688e81530bf2 2008.0/i586/libdbus-1_3-1.0.2-10.4mdv2008.0.i586.rpm c9c2d25d13d1ebc5c4be9c742336a513 2008.0/i586/libdbus-1_3-devel-1.0.2-10.4mdv2008.0.i586.rpm 9c8c7a0733cba7e36624deb5a9328401 2008.0/SRPMS/dbus-1.0.2-10.4mdv2008.0.src.rpm
2008.0 x86_64
4d553999e6e34391b85953fedba7b051 2008.0/x86_64/dbus-1.0.2-10.4mdv2008.0.x86_64.rpm af7e3a9c174f96f25861ed4f82628927 2008.0/x86_64/dbus-x11-1.0.2-10.4mdv2008.0.x86_64.rpm 471b586bb2c1b2c6615b7eeb9243a50e 2008.0/x86_64/lib64dbus-1_3-1.0.2-10.4mdv2008.0.x86_64.rpm 5969a7c3e9310fbbde6842ed54d209df 2008.0/x86_64/lib64dbus-1_3-devel-1.0.2-10.4mdv2008.0.x86_64.rpm 9c8c7a0733cba7e36624deb5a9328401 2008.0/SRPMS/dbus-1.0.2-10.4mdv2008.0.src.rpm