Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: D-Bus vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that the D-Bus library did not correctly validate signatures. If a local user sent a specially crafted D-Bus key, they could spoof a valid signature and bypass security policies.
Ubuntu Security Notice USN-799-1              July 13, 2009
dbus vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libdbus-1-2                     0.60-6ubuntu8.4

Ubuntu 8.04 LTS:
  libdbus-1-3                     1.1.20-1ubuntu3.3

Ubuntu 8.10:
  libdbus-1-3                     1.2.4-0ubuntu1.1

Ubuntu 9.04:
  libdbus-1-3                     1.2.12-0ubuntu2.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that the D-Bus library did not correctly validate
signatures. If a local user sent a specially crafted D-Bus key, they could
spoof a valid signature and bypass security policies.

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:   101262 d5559595619e32f16216887d80723873
      Size/MD5:     1134 f0ad0fcf6989c6c3fa01f91e62472199
      Size/MD5:  1674899 da9561b5e579cedddc34f53427e99a93

  Architecture independent packages:
      Size/MD5:  1656166 ab31972db6d836c79c439793e84be9ba
      Size/MD5:   188416 876d818d7255ce6dff1305bc017cdf0a
      Size/MD5:   179628 64bf9d0c5cd3d1f25d30dd9610f36eb0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   175014 0d0f03a37a501e37bdf691497cd69ea5
      Size/MD5:   355450 01f896b2df67240ff4262ed59917eb21
      Size/MD5:   265270 e00956750bdeebc7ad026f343e084d2d
      Size/MD5:   329158 5ab591fa9caec11c12365f07c158e845
      Size/MD5:   199754 3086b8cb07ddb251fcb1acba2c094988
      Size/MD5:   242768 aeac6d0dd7ccfe615001b194670c167d
      Size/MD5:   173464 570fc4c6d3839570c459818cc4cf63bf
      Size/MD5:   178828 c530a7e165a145e922a450a534773f3c
      Size/MD5:   284686 1414a2b54ef42d41a65560cccfd0228c

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   171482 155048f1f70c8609a701cf5d7d4cebed
      Size/MD5:   324794 6b3da7b2b8427584a3348b84a077f61f
      Size/MD5:   247052 7f0b762f782ddcda5ddc9bc6f1aa19f0
      Size/MD5:   296296 cb121470d14277ef029dc49f7fde64ec
      Size/MD5:   191838 00551fc5f66575d5cb5c7ea1ef60070c
      Size/MD5:   226604 29f5345f97157c9e096c0c2de9d51711
      Size/MD5:   172426 9cac6a99d543e2e307668457c59c16cc
      Size/MD5:   174402 1cae24058b11cee97d76eb95b96b3cb3
      Size/MD5:   247222 b0f7f760b8939b312a27884743768542

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   173668 0af94c787171743f96cc1e59eb09e44d
      Size/MD5:   343774 817379b18e51bd7f087d7e89a2cf1e48
      Size/MD5:   257220 f3a92882cc272cc3270a01aa8f61c5b6
      Size/MD5:   329490 e448d6299f170dea542fef4b79e55879
      Size/MD5:   195990 fcd9dbd57a22574f4a587280ddbecbec
      Size/MD5:   248072 dc2667c60e8a953de71e4248da6982d9
      Size/MD5:   173822 5b39ec0d9acc9d2cd72d55b7df287ce7
      Size/MD5:   178776 bf6206d523e882c5ea07cb3b285b56dc
      Size/MD5:   266484 53f03243631f3591004a310091c1bad1

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   170768 9473b362d5fa65838bb8db6fc8870db6
      Size/MD5:   327348 9967e00665f3663665bcd0620d00b3f7
      Size/MD5:   250734 e1b5e937fa73a4ebf3bf237042231240
      Size/MD5:   312748 56e144f795954d5484d80c30b3c6643c
      Size/MD5:   192894 213a9026cd3a6eecb4827a03c6dafda6
      Size/MD5:   231422 7fd10000bd72409a85eb170b16ddcafe
      Size/MD5:   170624 75724902e844fd8441acacc9942bcbba
      Size/MD5:   174210 1d03e56aa138e4178ae014cbb28d6718
      Size/MD5:   260730 c0d66ce0699916d2e31b47aa16fcf61e

Updated packages for Ubuntu 8.04 LTS:

  Source archives:
      Size/MD5:    28358 225d0c5ace278cbd66096e3546b7a60f
      Size/MD5:     1273 ac3bc9001d82666812150d94fe99a7fe
      Size/MD5:  1401902 c552b9bc4b69e4c602644abc21b7661e

  Architecture independent packages:
      Size/MD5:  1706308 ead3cbd02c1cb1ef1e61411c89955aca

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:    44282 c70e21f74b3187bfced6d4f00d83f6d4
      Size/MD5:   317562 16081ea504015a044a3f68c179f63866
      Size/MD5:   138528 bb7ddacde2668a66aa7c7529d317e3df
      Size/MD5:   187804 43f17d1b13d41cd5a9fe903c93777c0b

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:    43100 e3bb7fabe6f7a9b7e8831676a9246ad6
      Size/MD5:   281556 1b40e27e9251fca4b50369bac0d3f3ca
      Size/MD5:   124052 e8dc9e74f5716770f5d8601210f2f6f9
      Size/MD5:   169394 85ab234913baa5cf63be703a39abc376

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:    43020 eb9998ce15b175b247e3ab298f7084a0
      Size/MD5:   276014 75488566935ebe9988fd1cc6e1c11834
      Size/MD5:   121866 b4939af9aba578d0d87bb9fa423337ad
      Size/MD5:   165208 7bf641854ccbcaea4af52aa1a4d0b6be

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:    46580 e3ce68ab77bbc40da41903707b6e3c15
      Size/MD5:   306716 caa230fb4fa69651b2de305bad906dcb
      Size/MD5:   132042 99d89ceedc8e5a593149eb4fef0eab6d
      Size/MD5:   176430 5b9add3532141afd264681c0533dfa4b

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:    43304 8d671659f7ba9a8f189b27fbf8aa99c6
      Size/MD5:   274910 1588340d82c4ac4bd3b44d1a5805ec9c
      Size/MD5:   122390 df67e4fbfb32a784fbcd8acefedf8e67
      Size/MD5:   172246 0773d30fde3b222ba37abf43f893f43b

Updated packages for Ubuntu 8.10:

  Source archives:
      Size/MD5:    28210 ad5bfab0a2080659c8826cc173a66638
      Size/MD5:     1656 defc6dc29f4d9c788affd90c7308c9bc
      Size/MD5:  1564370 2e643910a09f44b000a0d76038637999

  Architecture independent packages:
      Size/MD5:  1713542 ed7496a0f96c34868ff438b7754c81d9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:    41732 bfba13f61cafd8dfc04ac392cbd50125
      Size/MD5:   206644 a5dbbbf05422dfe4d580e6b40d7bf72a
      Size/MD5:   138426 af08917b264e58923252e2352a61ef7f
      Size/MD5:   214914 4e03c084f6aecb7c5c61c658786c52af

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:    40484 5cb08657826374773088850f6aaa2de2
      Size/MD5:   186374 d74e6ffc735410a651bafbce712f3d9c
      Size/MD5:   123912 33cc7c3a616763b79d1110eb4c9b3e92
      Size/MD5:   191154 13cd3c975c1c1273bc544693faccee29

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:    40348 70f12c306f6e47b2ac84307411e0b73e
      Size/MD5:   182440 351b7f913f28a1e08a6b390572accc68
      Size/MD5:   121476 4bdf997a788e323c14cc567dd503d373
      Size/MD5:   187962 35f1d74143fac5e8a6d37bd2ab7e428b

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:    43288 cccf43be01daf53082c64fc52f78b519
      Size/MD5:   207920 e392c30ac71b1dd533f14e518dea4016
      Size/MD5:   132140 17c94d7d5ada10817348fbf31c636163
      Size/MD5:   198624 b21b5b840c14828f501be0955465d30b

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:    40626 099754bb372685ce362582aa777624e6
      Size/MD5:   182642 f4d3d82357357c160e0bd698c7ac99f5
      Size/MD5:   121810 49661caf101601ba77f7800b4a09c2dc
      Size/MD5:   189296 ac7e4ee44775cd67f059cb83a58c3f06

Updated packages for Ubuntu 9.04:

  Source archives:
      Size/MD5:    28652 a5e83005b23f64488d8200cfbb5ce2e4
      Size/MD5:     1663 68783134ec353aba9ae356bba80e7f17
      Size/MD5:  1574756 39bd582c3b06a261cac44d4cab6fd60b

  Architecture independent packages:
      Size/MD5:  1721334 d0d4404090098c101ac52279632bd0df

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:    42168 57a3dd01eb38b432406ddbdc303157d8
      Size/MD5:   209830 7e89a78024b7251015478a01e728b034
      Size/MD5:   139208 e999febcca7fbff586939f895ce31d17
      Size/MD5:   215238 f355ce018a95ba79b0a2ef7b48ba92dc

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:    40932 1235169cf926c2a934c2884a01a6cfa3
      Size/MD5:   189616 81179b79fc1702b4f5d6e8ac70c47412
      Size/MD5:   124530 a283e320a8b5c62e10f7585d1b33f848
      Size/MD5:   191290 655371b34d1208a503f5a76637af6734

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:    40774 39065e52145cb6a8801ef1341a7a03da
      Size/MD5:   185162 3bd7430adf141d329e9a26767678c545
      Size/MD5:   122028 1cff5f723fe4628aaa363d43d7360a4c
      Size/MD5:   188134 cbde81aa24db5b873d24371c44a4e434

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:    43766 3ebdfff03d6eecb94d64021db5bb14e5
      Size/MD5:   210542 6ea4990cadec4135c060f1a6cbf0e4e9
      Size/MD5:   132216 cf2905af6daee73f0e668977fe75f72b
      Size/MD5:   198398 344bdd6e6954e0f5c4d2bb159240fe1d

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:    41002 d26b088726d2c04bf63205159fbaca18
      Size/MD5:   185368 a89ef6cd1daaaf7ab0edbfcd19f80b8a
      Size/MD5:   122370 735cb170270225324f47e152893672f8
      Size/MD5:   189452 187603f925e3468c104a4fc25a88fb24

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.