
DESA-2008-003: New dbus packages fix privilege escalation



--------------------------------------------------------------------------
Debian Edu/Skolelinux Security Advisory DESA 2008-003
http://www.skolelinux.org/security/     Steffen Joeris
June 27th, 2008         debian-edu-security@lists.alioth.debian.org
--------------------------------------------------------------------------

Package             : dbus (dbus, dbus-x11, libdbus-1-3)
Vulnerability       : programming error
Problem-Type        : local
Need reboot         : no
Debian Edu-specific : no
CVE ID              : CVE-2008-0595
DSA ID              : DSA-1599-1

Havoc Pennington discovered that DBus, a simple interprocess messaging
system, performs insufficient validation of security policies, which
might allow local privilege escalation.

For the Debian-Edu/Skolelinux stable distribution (terra, etch based),
this problem has been fixed in version 1.0.2-1.0.edu.etch.1+terra1.

We recommend that you upgrade your dbus packages.


Upgrade Instructions
--------------------

Make sure the line

  deb http://ftp.skolelinux.org/skolelinux etch local

is present in your /etc/apt/sources.list and run 'aptitude update' to
update your package lists. Then run

  aptitude upgrade

to upgrade all the packages mentioned above. This might upgrade other
packages too, and you should run

  aptitude install package

if you only want to upgrade the package mentioned above.

--------------------------------------------------------------------------
Mailing lists: debian-edu-announce@lists.debian.org
Package info: `apt-cache show <pkg>'
