Login
Newsletter
Werbung
Sicherheit: Denial of Service in dbus-glib
Aktuelle Meldungen Distributionen
Name: Denial of Service in dbus-glib
ID: RHSA-2010:0616-01
Distribution: Red Hat
Plattformen: Red Hat Enterprise Linux
Datum: Mi, 11. August 2010, 08:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1172
Applikationen: dbus-glib

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dbus-glib security update
Advisory ID:       RHSA-2010:0616-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0616.html
Issue date:        2010-08-10
CVE Names:         CVE-2010-1172 
=====================================================================

1. Summary:

Updated dbus-glib packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

dbus-glib is an add-on library to integrate the standard D-Bus library with
the GLib main loop and threading model. NetworkManager is a network link
manager that attempts to keep a wired or wireless network connection active
at all times.

It was discovered that dbus-glib did not enforce the "access" flag on
exported GObject properties. If such a property were read/write internally
but specified as read-only externally, a malicious, local user could use
this flaw to modify that property of an application. Such a change could
impact the application's behavior (for example, if an IP address were
changed the network may not come up properly after reboot) and possibly
lead to a denial of service. (CVE-2010-1172)

Due to the way dbus-glib translates an application's XML definitions of
service interfaces and properties into C code at application build time,
applications built against dbus-glib that use read-only properties needed
to be rebuilt to fully fix the flaw. As such, this update provides
NetworkManager packages that have been rebuilt against the updated
dbus-glib packages. No other applications shipped with Red Hat Enterprise
Linux 5 were affected.

All dbus-glib and NetworkManager users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
Running instances of NetworkManager must be restarted (service
NetworkManager restart) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

585394 - CVE-2010-1172 dbus-glib: property access not validated

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
NetworkManager-0.7.0-10.el5_5.1.src.rpm
dbus-glib-0.73-10.el5_5.src.rpm

i386:
NetworkManager-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-debuginfo-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-devel-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-glib-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-glib-devel-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-gnome-0.7.0-10.el5_5.1.i386.rpm
dbus-glib-0.73-10.el5_5.i386.rpm
dbus-glib-debuginfo-0.73-10.el5_5.i386.rpm
dbus-glib-devel-0.73-10.el5_5.i386.rpm

x86_64:
NetworkManager-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-0.7.0-10.el5_5.1.x86_64.rpm
NetworkManager-debuginfo-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-debuginfo-0.7.0-10.el5_5.1.x86_64.rpm
NetworkManager-glib-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-glib-0.7.0-10.el5_5.1.x86_64.rpm
NetworkManager-gnome-0.7.0-10.el5_5.1.x86_64.rpm
dbus-glib-0.73-10.el5_5.i386.rpm
dbus-glib-0.73-10.el5_5.x86_64.rpm
dbus-glib-debuginfo-0.73-10.el5_5.i386.rpm
dbus-glib-debuginfo-0.73-10.el5_5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
NetworkManager-0.7.0-10.el5_5.1.src.rpm
dbus-glib-0.73-10.el5_5.src.rpm

i386:
NetworkManager-debuginfo-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-devel-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-glib-devel-0.7.0-10.el5_5.1.i386.rpm
dbus-glib-debuginfo-0.73-10.el5_5.i386.rpm
dbus-glib-devel-0.73-10.el5_5.i386.rpm

x86_64:
NetworkManager-debuginfo-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-debuginfo-0.7.0-10.el5_5.1.x86_64.rpm
NetworkManager-devel-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-devel-0.7.0-10.el5_5.1.x86_64.rpm
NetworkManager-glib-devel-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-glib-devel-0.7.0-10.el5_5.1.x86_64.rpm
dbus-glib-debuginfo-0.73-10.el5_5.i386.rpm
dbus-glib-debuginfo-0.73-10.el5_5.x86_64.rpm
dbus-glib-devel-0.73-10.el5_5.i386.rpm
dbus-glib-devel-0.73-10.el5_5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
NetworkManager-0.7.0-10.el5_5.1.src.rpm
dbus-glib-0.73-10.el5_5.src.rpm

i386:
NetworkManager-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-debuginfo-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-devel-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-glib-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-glib-devel-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-gnome-0.7.0-10.el5_5.1.i386.rpm
dbus-glib-0.73-10.el5_5.i386.rpm
dbus-glib-debuginfo-0.73-10.el5_5.i386.rpm
dbus-glib-devel-0.73-10.el5_5.i386.rpm

ia64:
NetworkManager-0.7.0-10.el5_5.1.ia64.rpm
NetworkManager-debuginfo-0.7.0-10.el5_5.1.ia64.rpm
NetworkManager-devel-0.7.0-10.el5_5.1.ia64.rpm
NetworkManager-glib-0.7.0-10.el5_5.1.ia64.rpm
NetworkManager-glib-devel-0.7.0-10.el5_5.1.ia64.rpm
NetworkManager-gnome-0.7.0-10.el5_5.1.ia64.rpm
dbus-glib-0.73-10.el5_5.ia64.rpm
dbus-glib-debuginfo-0.73-10.el5_5.ia64.rpm
dbus-glib-devel-0.73-10.el5_5.ia64.rpm

ppc:
NetworkManager-0.7.0-10.el5_5.1.ppc.rpm
NetworkManager-0.7.0-10.el5_5.1.ppc64.rpm
NetworkManager-debuginfo-0.7.0-10.el5_5.1.ppc.rpm
NetworkManager-debuginfo-0.7.0-10.el5_5.1.ppc64.rpm
NetworkManager-devel-0.7.0-10.el5_5.1.ppc.rpm
NetworkManager-devel-0.7.0-10.el5_5.1.ppc64.rpm
NetworkManager-glib-0.7.0-10.el5_5.1.ppc.rpm
NetworkManager-glib-0.7.0-10.el5_5.1.ppc64.rpm
NetworkManager-glib-devel-0.7.0-10.el5_5.1.ppc.rpm
NetworkManager-glib-devel-0.7.0-10.el5_5.1.ppc64.rpm
NetworkManager-gnome-0.7.0-10.el5_5.1.ppc.rpm
dbus-glib-0.73-10.el5_5.ppc.rpm
dbus-glib-0.73-10.el5_5.ppc64.rpm
dbus-glib-debuginfo-0.73-10.el5_5.ppc.rpm
dbus-glib-debuginfo-0.73-10.el5_5.ppc64.rpm
dbus-glib-devel-0.73-10.el5_5.ppc.rpm
dbus-glib-devel-0.73-10.el5_5.ppc64.rpm

s390x:
dbus-glib-0.73-10.el5_5.s390.rpm
dbus-glib-0.73-10.el5_5.s390x.rpm
dbus-glib-debuginfo-0.73-10.el5_5.s390.rpm
dbus-glib-debuginfo-0.73-10.el5_5.s390x.rpm
dbus-glib-devel-0.73-10.el5_5.s390.rpm
dbus-glib-devel-0.73-10.el5_5.s390x.rpm

x86_64:
NetworkManager-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-0.7.0-10.el5_5.1.x86_64.rpm
NetworkManager-debuginfo-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-debuginfo-0.7.0-10.el5_5.1.x86_64.rpm
NetworkManager-devel-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-devel-0.7.0-10.el5_5.1.x86_64.rpm
NetworkManager-glib-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-glib-0.7.0-10.el5_5.1.x86_64.rpm
NetworkManager-glib-devel-0.7.0-10.el5_5.1.i386.rpm
NetworkManager-glib-devel-0.7.0-10.el5_5.1.x86_64.rpm
NetworkManager-gnome-0.7.0-10.el5_5.1.x86_64.rpm
dbus-glib-0.73-10.el5_5.i386.rpm
dbus-glib-0.73-10.el5_5.x86_64.rpm
dbus-glib-debuginfo-0.73-10.el5_5.i386.rpm
dbus-glib-debuginfo-0.73-10.el5_5.x86_64.rpm
dbus-glib-devel-0.73-10.el5_5.i386.rpm
dbus-glib-devel-0.73-10.el5_5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1172.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMYcWIXlSAg2UNWIIRAoTxAKCkELNasoj+UKWpaSysfdWilSM8gACdFMwB
D3kPsEQovc1v5hKpYyDVxeI=
=vPbQ
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung