DESA-2009-001: New dbus packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Edu/Skolelinux Security Advisory DESA 2009-001
http://www.skolelinux.org/security/ Steffen Joeris
July 19, 2009 debian-edu-security@lists.alioth.debian.org
- ----------------------------------------------------------------------------
Package : dbus (dbus, dbus-x11, libdbus-1-3)
Vulnerability : programming error
Problem-Type : local
Need reboot : no
Debian Edu-specific : no
CVE ID : CVE-2009-1189
Debian Bug : 532720
It was discovered that the dbus_signature_validate function in
dbus, a simple interprocess messaging system, is prone to a denial of
service attack. This issue was caused by an incorrect fix for
DSA-1658-1 and DESA 2008-004.

For the Debian-Edu/Skolelinux stable distribution (terra, etch based),
this problem has been fixed in version 1.0.2-1.0.edu.etch.1+terra3.

Packages for the powerpc and amd64 architectures will be released once
they are available.

We recommend that you upgrade your dbus packages.

Upgrade Instructions
- ----------------------
Make sure the line

    deb http://ftp.skolelinux.org/skolelinux etch local

is present in your /etc/apt/sources.list and run 'aptitude update' to
update your package lists. Then run

    aptitude upgrade

to upgrade all the packages mentioned above. This might upgrade other
packages too, and you should run

    aptitude install package

if you only want to upgrade the package mentioned above.

- - --------------------------------------------------------------------------
Mailing lists: debian-edu-announce@lists.debian.org
Package info: `apt-cache show <pkg>'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEUEARECAAYFAkpiuoMACgkQ62zWxYk/rQcZnQCffgc9QEzvw1Ase3aWi+U/RQFL
Mm8AlRapvwZvXI/1arRpm+HDFtBbuYo=
=36+i
-----END PGP SIGNATURE-----