OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[Full-disclosure] MDKSA-2005:105 - Updated dbus packages fix vulnerability

From: Mandriva Security Team (securitymandriva.com)
Date: Fri Jun 24 2005 - 15:59:04 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name: dbus
 Advisory ID: MDKSA-2005:105
 Date: June 24th, 2005

 Affected versions: 10.1, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Dan Reed discovered a vulnerability in the D-BUS system for sending
 messages between applications. He found that a user can send and
 listen to messages on another user's per-user session bus if they
 knew the address of the socket.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0201
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 d5eb6d08b6a007fbd7a192628ba33c44 10.1/RPMS/dbus-0.22-3.1.101mdk.i586.rpm
 3e417b23c43db4e7473d647f104471a7 10.1/RPMS/dbus-python-0.22-3.1.101mdk.i586.rpm
 64f7ea9d74f62fdf0ee0ee6e109a3caf 10.1/RPMS/dbus-x11-0.22-3.1.101mdk.i586.rpm
 2c121bf2416362e4b611d0bda3abc737 10.1/RPMS/libdbus-1_0-0.22-3.1.101mdk.i586.rpm
 b05a0b9d6f04cb1903d2cd264ecb8590 10.1/RPMS/libdbus-1_0-devel-0.22-3.1.101mdk.i586.rpm
 5b7bb77f073cd51e642200191e5dc426 10.1/RPMS/libdbus-glib-1_0-0.22-3.1.101mdk.i586.rpm
 bf50565b2fc41f7e801c17d8e234d08d 10.1/RPMS/libdbus-qt-1_0-0.22-3.1.101mdk.i586.rpm
 7f2bb3ba2de7d91c1c67910ce22676ee 10.1/SRPMS/dbus-0.22-3.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 c6dbe1230e55ae99059d42053674109f x86_64/10.1/RPMS/dbus-0.22-3.1.101mdk.x86_64.rpm
 9e38bf83675eb40aa8078ab4d43aa3e4 x86_64/10.1/RPMS/dbus-python-0.22-3.1.101mdk.x86_64.rpm
 25366249b14a222d0ff41e748ae4964e x86_64/10.1/RPMS/dbus-x11-0.22-3.1.101mdk.x86_64.rpm
 36df1060f8e0243024e3f216a89e413e x86_64/10.1/RPMS/lib64dbus-1_0-0.22-3.1.101mdk.x86_64.rpm
 3f8484b68edbaeaeffdc520be0802be2 x86_64/10.1/RPMS/lib64dbus-1_0-devel-0.22-3.1.101mdk.x86_64.rpm
 1a093645499551ef0d21a5d45bfd3ce8 x86_64/10.1/RPMS/lib64dbus-glib-1_0-0.22-3.1.101mdk.x86_64.rpm
 3fd269c19dc1ec09b9f99088528c48e9 x86_64/10.1/RPMS/lib64dbus-qt-1_0-0.22-3.1.101mdk.x86_64.rpm
 7f2bb3ba2de7d91c1c67910ce22676ee x86_64/10.1/SRPMS/dbus-0.22-3.1.101mdk.src.rpm

 Corporate 3.0:
 7c4b8579d8eecda85f872e9a2fc4d4a5 corporate/3.0/RPMS/dbus-0.20-7.1.C30mdk.i586.rpm
 2e15717b81ca73467c23ab50a0095dc2 corporate/3.0/RPMS/dbus-python-0.20-7.1.C30mdk.i586.rpm
 8dcdff915a80b7d431f3a0ceb217f6d3 corporate/3.0/RPMS/dbus-x11-0.20-7.1.C30mdk.i586.rpm
 b9977c3ae26550fbe72f396e4dfd9cfe corporate/3.0/RPMS/libdbus-1_0-0.20-7.1.C30mdk.i586.rpm
 b3da28ccfa97ab3b93bcf9781bb1e4bc corporate/3.0/RPMS/libdbus-1_0-devel-0.20-7.1.C30mdk.i586.rpm
 ee3ec88593d4905f0dd97cde0c9f658b corporate/3.0/RPMS/libdbus-glib-1_0-0.20-7.1.C30mdk.i586.rpm
 14583f66f8d8f447e06a252513be73a5 corporate/3.0/RPMS/libdbus-qt-1_0-0.20-7.1.C30mdk.i586.rpm
 47cdf4af75570b82b0186e9bdca839f0 corporate/3.0/SRPMS/dbus-0.20-7.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 89bbcc00def4fbf81a4c1d66e157abaa x86_64/corporate/3.0/RPMS/dbus-0.20-7.1.C30mdk.x86_64.rpm
 99c4eda1d977bc2ee1e4ae622ffa8a39 x86_64/corporate/3.0/RPMS/dbus-python-0.20-7.1.C30mdk.x86_64.rpm
 dc34492029f4eb3d8d5d607f10c607a1 x86_64/corporate/3.0/RPMS/dbus-x11-0.20-7.1.C30mdk.x86_64.rpm
 757173e4ee8c855e9c3bfa9318bd92bb x86_64/corporate/3.0/RPMS/lib64dbus-1_0-0.20-7.1.C30mdk.x86_64.rpm
 3a088834b9f401be106c9c5de05a400c x86_64/corporate/3.0/RPMS/lib64dbus-1_0-devel-0.20-7.1.C30mdk.x86_64.rpm
 88e751ac99d886fdf17b03c599192a4e x86_64/corporate/3.0/RPMS/lib64dbus-glib-1_0-0.20-7.1.C30mdk.x86_64.rpm
 c54c001d0e5e6cdca42856d4130fe072 x86_64/corporate/3.0/RPMS/lib64dbus-qt-1_0-0.20-7.1.C30mdk.x86_64.rpm
 47cdf4af75570b82b0186e9bdca839f0 x86_64/corporate/3.0/SRPMS/dbus-0.20-7.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCvHQYmqjQ0CJFipgRAjuWAKDkXzhPQhPXrjw/nn1tCPamvmZSKwCgyg3V
sZGh0UWIIKP5FYw+0zNDn60=
=oSFw
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/