[Sec-cert] [RedHat] Vulnerability in the D-Bus library before version 1.2.4 - RHSA-2010:0018-01

WiN Site Security Contacts win-sec-ssc at lists.dfn-cert.de
Fri Jan 8 15:23:31 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear colleagues,

We have just received the following Red Hat Security Advisory. We are
forwarding this information to you unchanged.

CVE-2009-1189 - Vulnerability in the function
_dbus_validate_signature_with_reason()

  The function _dbus_validate_signature_with_reason()
  (in dbus-marshal-validate.c) in D-Bus (also called DBus) does not
  correctly validate a basic type. A remote attacker can exploit this
  vulnerability to spoof a signature via a crafted key, or to crash the
  application with a specially crafted signature.

CVE-2008-3834 - Denial of service vulnerability in the D-Bus function
dbus_signature_validate()

  When processing a malformed signature, the D-Bus function
  dbus_signature_validate() fails an assertion, whereupon the program
  using the D-Bus library terminates. A remote attacker can exploit this
  vulnerability for a denial of service attack.

The following software packages and platforms are affected:

  Package dbus

  RHEL Desktop Workstation (v. 5 client) - i386, x86_64
  Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
  Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

The vendor provides updated packages.

Vendor advisory:
  https://rhn.redhat.com/errata/RHSA-2010-0018.html


(c) of the German summary: DFN-CERT Services GmbH; distribution, including
in part, is permitted only with attribution to the author, DFN-CERT
Services GmbH, and only for non-commercial purposes.

Kind regards,
		Klaus Moeller, DFN-CERT

- -- 
Dipl. Inform. Klaus Moeller (Incident Response Team)
Phone: +49 40 808077-555, Fax: +49 40 808077-556

DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-555
Registered office / register: Hamburg, AG Hamburg, HRB 88805,  VAT ID:  DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

17th DFN Workshop    "Sicherheit in vernetzten Systemen" (Security in Networked Systems)    9/10 Feb 2010
Information at https://www.dfn-cert.de/veranstaltungen/workshop.html

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dbus security update
Advisory ID:       RHSA-2010:0018-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0018.html
Issue date:        2010-01-07
CVE Names:         CVE-2009-1189 
=====================================================================

1. Summary:

Updated dbus packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.

It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did
not correctly fix the denial of service flaw in the system for sending
messages between applications. A local user could use this flaw to send a
message with a malformed signature to the bus, causing the bus (and,
consequently, any process using libdbus to receive messages) to abort.
(CVE-2009-1189)
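Both the DFN-CERT summary of CVE-2008-3834 (an assertion failure in dbus_signature_validate() on a malformed signature) and the description above come down to one design point: a type signature arriving over the bus is untrusted input, and a validator that reacts to bad input with an assertion takes the whole process down. The following is an added example written for this page, not the libdbus code that this erratum patches and not Red Hat's code. It re-implements the signature grammar from the D-Bus specification as a stand-alone validator that never asserts and instead returns a reason code, in the spirit of the public libdbus API dbus_signature_validate(const char *signature, DBusError *error), which returns a boolean and fills a DBusError. The reason names and the helper names are this example's own; the length limit (255) and per-kind nesting limit (32) are the specification's published values and are assumed unchanged.

```c
/* Added example: stand-alone D-Bus type-signature validator written for
 * this page. NOT the libdbus code patched by RHSA-2010:0018; it follows
 * the grammar in the D-Bus specification so that any malformed input
 * yields an error code rather than the assertion failure (process abort)
 * the advisory describes. Limits are the spec's values (assumed here). */
#include <stdio.h>
#include <string.h>

#define MAX_SIGNATURE_LEN 255   /* DBUS_MAXIMUM_SIGNATURE_LENGTH */
#define MAX_NESTING       32    /* DBUS_MAXIMUM_TYPE_RECURSION_DEPTH, per container kind */

/* Rejection reasons; the names are this example's own, not libdbus's. */
enum sig_reason {
    SIG_OK = 0,
    SIG_TOO_LONG,            /* longer than 255 bytes */
    SIG_BAD_TYPECODE,        /* unknown type code, or signature ended early */
    SIG_ARRAY_NO_ELEMENT,    /* 'a' with no element type after it */
    SIG_STRUCT_EMPTY,        /* "()" is not allowed */
    SIG_STRUCT_UNCLOSED,     /* '(' without a matching ')' */
    SIG_DICT_NOT_IN_ARRAY,   /* '{' is only valid directly inside an array */
    SIG_DICT_BAD_KEY,        /* dict-entry key must be a basic type */
    SIG_DICT_BAD_ARITY,      /* dict entry must hold exactly key + value */
    SIG_NESTING_TOO_DEEP     /* more than 32 nested arrays, or 32 nested structs/dict entries */
};

/* Basic (fixed-size or string-like) single-character type codes. */
static int is_basic(char c)
{
    return c != '\0' && strchr("ybnqiuxtdsogh", c) != NULL;
}

/* Parse one single complete type starting at p. Returns a pointer just
 * past it, or NULL with *why set. adepth/sdepth count the enclosing
 * arrays and structs/dict entries; in_array is set only for the element
 * type of an array, which is the only place a dict entry may appear. */
static const char *complete_type(const char *p, int adepth, int sdepth,
                                 int in_array, enum sig_reason *why)
{
    char c = *p;

    if (is_basic(c) || c == 'v')   /* 'v' (variant) is complete on its own */
        return p + 1;

    if (c == 'a') {
        if (p[1] == '\0') { *why = SIG_ARRAY_NO_ELEMENT; return NULL; }
        if (adepth + 1 > MAX_NESTING) { *why = SIG_NESTING_TOO_DEEP; return NULL; }
        return complete_type(p + 1, adepth + 1, sdepth, 1, why);
    }

    if (c == '(') {
        const char *q = p + 1;
        if (sdepth + 1 > MAX_NESTING) { *why = SIG_NESTING_TOO_DEEP; return NULL; }
        if (*q == ')') { *why = SIG_STRUCT_EMPTY; return NULL; }
        while (*q != ')') {
            if (*q == '\0') { *why = SIG_STRUCT_UNCLOSED; return NULL; }
            q = complete_type(q, adepth, sdepth + 1, 0, why);
            if (q == NULL) return NULL;
        }
        return q + 1;
    }

    if (c == '{') {
        const char *q;
        if (!in_array) { *why = SIG_DICT_NOT_IN_ARRAY; return NULL; }
        if (sdepth + 1 > MAX_NESTING) { *why = SIG_NESTING_TOO_DEEP; return NULL; }
        if (!is_basic(p[1])) { *why = SIG_DICT_BAD_KEY; return NULL; }
        q = complete_type(p + 2, adepth, sdepth + 1, 0, why);   /* value type */
        if (q == NULL) return NULL;
        if (*q != '}') { *why = SIG_DICT_BAD_ARITY; return NULL; }
        return q + 1;
    }

    *why = SIG_BAD_TYPECODE;   /* covers stray ')', '}', NUL and unknown bytes */
    return NULL;
}

/* Validate a whole signature: zero or more single complete types.
 * Never asserts and never aborts: every input maps to a reason code. */
enum sig_reason validate_signature(const char *sig)
{
    enum sig_reason why = SIG_OK;
    const char *p = sig;

    if (sig == NULL) return SIG_BAD_TYPECODE;
    if (strlen(sig) > MAX_SIGNATURE_LEN) return SIG_TOO_LONG;
    while (*p != '\0') {
        p = complete_type(p, 0, 0, 0, &why);
        if (p == NULL) return why;
    }
    return SIG_OK;
}

int main(void)
{
    /* Constructed samples: the first three are well formed, the rest are
     * the kind of malformed input a bus must reject rather than crash on. */
    const char *samples[] = { "", "a{sv}", "(ia(ii))", "a", "()", "(i",
                              "{sv}", "a{vs}", "a{ssv}", "x@" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s -> %d\n", samples[i], (int)validate_signature(samples[i]));
    return 0;
}
```

The point of the reason code is that the caller (the bus daemon, or a service receiving a message) can drop the message and, if it wants, disconnect the peer, while continuing to serve everyone else; an assert() in the same place turns one malformed byte into a denial of service for every client of the bus.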

Note: Users running any application providing services over the system
message bus are advised to test this update carefully before deploying it
in production environments.

All users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. For the update to take effect, all
running instances of dbus-daemon and all running applications using the
libdbus library must be restarted, or the system rebooted.
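The restart requirement is the part of this erratum that is easiest to miss: installing dbus-libs replaces the file on disk, but every process that already had the old libdbus mapped keeps running the vulnerable copy until it is restarted. The script below is an added example written for this page, not part of the Red Hat advisory and not a Red Hat tool. It relies on two conventions assumed here: the kernel marks a mapping whose backing file has been replaced as "(deleted)" in /proc/<pid>/maps, and the library's soname starts with libdbus-1.so. The has_cve_fix check additionally assumes the package's %changelog entry names CVE-2009-1189, as Red Hat changelogs usually do; if it does not, compare the installed NVR against the package list in section 6 instead. The proc root is a parameter so the functions can be run against a constructed tree.

```sh
#!/bin/sh
# Added example for this page (not part of the Red Hat advisory): after
# installing the fixed dbus packages, find the processes that still have
# the old libdbus loaded and therefore need a restart. A mapping marked
# "(deleted)" in /proc/<pid>/maps means the shared object on disk was
# replaced while the process kept the old copy mapped (assumed kernel
# convention). The proc root is a parameter for testing; /proc by default.

# Print "pid<TAB>name" for every process mapping a libdbus-1 shared object.
libdbus_users() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        grep -q 'libdbus-1\.so' "$maps" 2>/dev/null || continue
        dir=${maps%/maps}
        # /proc/<pid>/status has a "Name:" line on every 2.6 kernel, RHEL 5 included
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null)
        printf '%s\t%s\n' "${dir##*/}" "${name:-?}"
    done
}

# Print the pid of every process whose libdbus-1 mapping is "(deleted)":
# those run the pre-update library and must be restarted for the fix
# to take effect (dbus-daemon itself, hald, desktop sessions, ...).
stale_libdbus_users() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        grep -q 'libdbus-1\.so.*(deleted)' "$maps" 2>/dev/null || continue
        dir=${maps%/maps}
        printf '%s\n' "${dir##*/}"
    done
}

# Read an rpm changelog on stdin; succeed if it names this erratum's CVE.
# Assumption: the %changelog entry mentions CVE-2009-1189.
has_cve_fix() {
    grep -q 'CVE-2009-1189'
}

# Operator entry point: package check, then the list of processes to restart.
check_host() {
    if rpm -q --changelog dbus-libs 2>/dev/null | has_cve_fix; then
        echo "dbus-libs changelog references CVE-2009-1189"
    else
        echo "dbus-libs does not reference CVE-2009-1189: apply RHSA-2010:0018 first"
    fi
    echo "processes still mapping an old libdbus (restart these):"
    stale_libdbus_users /proc
}

if [ "${1:-}" = "--run" ]; then
    check_host
fi
```

Run it as root (`sh check-dbus.sh --run`) so that every /proc/<pid>/maps is readable; unreadable entries are skipped silently, which is why a non-root run can report a clean host that is not. If dbus-daemon itself is in the stale list, plan for the reboot the advisory mentions: restarting the system bus also drops every client connected to it.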

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network.  Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

496672 - CVE-2009-1189 dbus: invalid fix for CVE-2008-3834

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dbus-1.1.2-12.el5_4.1.src.rpm

i386:
dbus-1.1.2-12.el5_4.1.i386.rpm
dbus-debuginfo-1.1.2-12.el5_4.1.i386.rpm
dbus-libs-1.1.2-12.el5_4.1.i386.rpm
dbus-x11-1.1.2-12.el5_4.1.i386.rpm

x86_64:
dbus-1.1.2-12.el5_4.1.i386.rpm
dbus-1.1.2-12.el5_4.1.x86_64.rpm
dbus-debuginfo-1.1.2-12.el5_4.1.i386.rpm
dbus-debuginfo-1.1.2-12.el5_4.1.x86_64.rpm
dbus-libs-1.1.2-12.el5_4.1.i386.rpm
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dbus-1.1.2-12.el5_4.1.src.rpm

i386:
dbus-debuginfo-1.1.2-12.el5_4.1.i386.rpm
dbus-devel-1.1.2-12.el5_4.1.i386.rpm

x86_64:
dbus-debuginfo-1.1.2-12.el5_4.1.i386.rpm
dbus-debuginfo-1.1.2-12.el5_4.1.x86_64.rpm
dbus-devel-1.1.2-12.el5_4.1.i386.rpm
dbus-devel-1.1.2-12.el5_4.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dbus-1.1.2-12.el5_4.1.src.rpm

i386:
dbus-1.1.2-12.el5_4.1.i386.rpm
dbus-debuginfo-1.1.2-12.el5_4.1.i386.rpm
dbus-devel-1.1.2-12.el5_4.1.i386.rpm
dbus-libs-1.1.2-12.el5_4.1.i386.rpm
dbus-x11-1.1.2-12.el5_4.1.i386.rpm

ia64:
dbus-1.1.2-12.el5_4.1.ia64.rpm
dbus-debuginfo-1.1.2-12.el5_4.1.ia64.rpm
dbus-devel-1.1.2-12.el5_4.1.ia64.rpm
dbus-libs-1.1.2-12.el5_4.1.ia64.rpm
dbus-x11-1.1.2-12.el5_4.1.ia64.rpm

ppc:
dbus-1.1.2-12.el5_4.1.ppc.rpm
dbus-1.1.2-12.el5_4.1.ppc64.rpm
dbus-debuginfo-1.1.2-12.el5_4.1.ppc.rpm
dbus-debuginfo-1.1.2-12.el5_4.1.ppc64.rpm
dbus-devel-1.1.2-12.el5_4.1.ppc.rpm
dbus-devel-1.1.2-12.el5_4.1.ppc64.rpm
dbus-libs-1.1.2-12.el5_4.1.ppc.rpm
dbus-libs-1.1.2-12.el5_4.1.ppc64.rpm
dbus-x11-1.1.2-12.el5_4.1.ppc.rpm

s390x:
dbus-1.1.2-12.el5_4.1.s390.rpm
dbus-1.1.2-12.el5_4.1.s390x.rpm
dbus-debuginfo-1.1.2-12.el5_4.1.s390.rpm
dbus-debuginfo-1.1.2-12.el5_4.1.s390x.rpm
dbus-devel-1.1.2-12.el5_4.1.s390.rpm
dbus-devel-1.1.2-12.el5_4.1.s390x.rpm
dbus-libs-1.1.2-12.el5_4.1.s390.rpm
dbus-libs-1.1.2-12.el5_4.1.s390x.rpm
dbus-x11-1.1.2-12.el5_4.1.s390x.rpm

x86_64:
dbus-1.1.2-12.el5_4.1.i386.rpm
dbus-1.1.2-12.el5_4.1.x86_64.rpm
dbus-debuginfo-1.1.2-12.el5_4.1.i386.rpm
dbus-debuginfo-1.1.2-12.el5_4.1.x86_64.rpm
dbus-devel-1.1.2-12.el5_4.1.i386.rpm
dbus-devel-1.1.2-12.el5_4.1.x86_64.rpm
dbus-libs-1.1.2-12.el5_4.1.i386.rpm
dbus-libs-1.1.2-12.el5_4.1.x86_64.rpm
dbus-x11-1.1.2-12.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-1189.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLRjL4XlSAg2UNWIIRAkzJAKCfk9Fo5RoJyt1xszKXq+q/9PYjLwCgwqHo
isEZM34aLMK9LXqZxKFFR00=
=l9Mn
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFLRz/jWmhIvjFb90URAvIOAJsFEFn6uP3POIZLXxw8Uf268UNGxgCfaarK
LrkswZiVzUXi1gK2c6+jlZk=
=fotI
-----END PGP SIGNATURE-----


