[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DESA-2008-004: New dbus packages fix DoS

Debian Edu/Skolelinux Security Advisory DESA 2008-004
http://www.skolelinux.org/security/     Steffen Joeris
October 22nd, 2008         debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

Package             : dbus (dbus, dbus-x11, libdbus-1-3)
Vulnerability       : denial of service
Problem-Type        : local
Need reboot         : no
Debian Edu-specific : no
CVE ID              : CVE-2008-3834
Debian Bug	    : 501443

Colin Walters discovered that the dbus_signature_validate function in 
dbus, a simple interprocess messaging system, is prone to a denial of 
service attack.

For the Debian-Edu/Skolelinux stable distribution (terra, etch based),
this problem has been fixed in version 1.0.2-1.0.edu.etch.1+terra2.

We recommend that you upgrade your dbus packages.

Upgrade Instructions
- --------------------

Make sure the line

  deb http://ftp.skolelinux.org/skolelinux etch local

is present in your /etc/apt/sources.list and run 'aptitude update' to
update your package lists. Then run

  aptitude upgrade

to upgrade all the packages mentioned above. This might upgrade other
packages too, and you should run

  aptitude install package

if you only want to upgrade the package mentioned above.

- --------------------------------------------------------------------------
Mailing lists: debian-edu-announce@lists.debian.org
Package info: `apt-cache show <pkg>'

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: