[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DESA-2009-001: New dbus packages fix denial of service

Hash: SHA1

- --------------------------------------------------------------------------
Debian Edu/Skolelinux Security Advisory DESA 2009-001
http://www.skolelinux.org/security/     Steffen Joeris
July 19, 2009         debian-edu-security@lists.alioth.debian.org
- ----------------------------------------------------------------------------

Package             : dbus (dbus, dbus-x11, libdbus-1-3)
Vulnerability       : programming error
Problem-Type        : local 
Need reboot         : no
Debian Edu-specific : no
CVE ID              : CVE-2009-1189
Debian Bug          : 532720

It was discovered that the dbus_signature_validate function in
dbus, a simple interprocess messaging system, is prone to a denial of
service attack. This issue was caused by an incorrect fix for
DSA-1658-1 and DESA 2008-004.

For the Debian-Edu/Skolelinux stable distribution (terra, etch based),
this problem has been fixed in version 1.0.2-1.0.edu.etch.1+terra3.

Packages for the powerpc and amd64 architectures will be released once
they are available.

We recommend that you upgrade your dbus packages.

Upgrade Instructions
- ----------------------

Make sure the line

  deb http://ftp.skolelinux.org/skolelinux etch local

is present in your /etc/apt/sources.list and run 'aptitude update' to
update your package lists. Then run

  aptitude upgrade

to upgrade all the packages mentioned above. This might upgrade other
packages too, and you should run

  aptitude install package

if you only want to upgrade the package mentioned above.

- - --------------------------------------------------------------------------
Mailing lists: debian-edu-announce@lists.debian.org
Package info: `apt-cache show <pkg>'
Version: GnuPG v1.4.9 (GNU/Linux)


Reply to: