-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:213 http://www.mandriva.com/security/ _______________________________________________________________________ Package : dbus Date : October 15, 2008 Affected: 2008.0, 2008.1, 2009.0 _______________________________________________________________________ Problem Description: The D-Bus library did not correctly validate certain corrupted signatures which could cause a crash of applications linked against the D-Bus library if a local user were to send a specially crafted D-Bus request (CVE-2008-3834). The updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3834 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 53ddac46fc15f92a05beb6bf4b79e8f1 2008.0/i586/dbus-1.0.2-10.3mdv2008.0.i586.rpm abfcbe2261e69ce5df6c9fbbb82fbab9 2008.0/i586/dbus-x11-1.0.2-10.3mdv2008.0.i586.rpm e04213f6dac50b0c287006ff57c1f996 2008.0/i586/libdbus-1_3-1.0.2-10.3mdv2008.0.i586.rpm 175dfa98c5a745bfd1600ae0f7762c5c 2008.0/i586/libdbus-1_3-devel-1.0.2-10.3mdv2008.0.i586.rpm a6cb2643f7bc8dbdb07a543409bed40b 2008.0/SRPMS/dbus-1.0.2-10.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: b46a4d074a675a25ac84f6732e6c8871 2008.0/x86_64/dbus-1.0.2-10.3mdv2008.0.x86_64.rpm 226392774b33b7d1d3ba7335e28afb18 2008.0/x86_64/dbus-x11-1.0.2-10.3mdv2008.0.x86_64.rpm 8a7f98b123c9c9e88fe5fb4b2309adc8 2008.0/x86_64/lib64dbus-1_3-1.0.2-10.3mdv2008.0.x86_64.rpm 8226572ecedf628042d43ea4b21d1ab0 2008.0/x86_64/lib64dbus-1_3-devel-1.0.2-10.3mdv2008.0.x86_64.rpm a6cb2643f7bc8dbdb07a543409bed40b 2008.0/SRPMS/dbus-1.0.2-10.3mdv2008.0.src.rpm Mandriva Linux 2008.1: f44638434665041b0c082f3d2621e0ff 2008.1/i586/dbus-1.1.20-5.1mdv2008.1.i586.rpm 75e7d341786089e9410d80af6c50e90a 2008.1/i586/dbus-x11-1.1.20-5.1mdv2008.1.i586.rpm f148fb013796617ad2426756d5914dd0 2008.1/i586/libdbus-1_3-1.1.20-5.1mdv2008.1.i586.rpm 1c30ba194643108bae7fe38228157691 2008.1/i586/libdbus-1-devel-1.1.20-5.1mdv2008.1.i586.rpm a74cf7a5ae6427e0b3a7e387540e6d55 2008.1/SRPMS/dbus-1.1.20-5.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 91b111e4298984d5cfe51706b64d07dd 2008.1/x86_64/dbus-1.1.20-5.1mdv2008.1.x86_64.rpm b1627308cb9dfcf93b2eb8e59d8b1c79 2008.1/x86_64/dbus-x11-1.1.20-5.1mdv2008.1.x86_64.rpm b41e2ebdb48617ee523bc6a5a47aa567 2008.1/x86_64/lib64dbus-1_3-1.1.20-5.1mdv2008.1.x86_64.rpm 35f9609ccd79ad79c4f0ec60559948a1 2008.1/x86_64/lib64dbus-1-devel-1.1.20-5.1mdv2008.1.x86_64.rpm a74cf7a5ae6427e0b3a7e387540e6d55 2008.1/SRPMS/dbus-1.1.20-5.1mdv2008.1.src.rpm Mandriva Linux 2009.0: 9b5d7c9beac341543c08bfb60622b1d2 2009.0/i586/dbus-1.2.3-2.1mdv2009.0.i586.rpm a06cbb82b1029a3c4ba2b0b5cdeb5348 2009.0/i586/dbus-x11-1.2.3-2.1mdv2009.0.i586.rpm 792d37202f7782bf25c7a806bdd3e6ff 2009.0/i586/libdbus-1_3-1.2.3-2.1mdv2009.0.i586.rpm b122d9c75a13ce7d03cf705e3e6e1011 2009.0/i586/libdbus-1-devel-1.2.3-2.1mdv2009.0.i586.rpm 789c0a12c1e14968b364c296b1a81278 2009.0/SRPMS/dbus-1.2.3-2.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: f6f343d89dbc2ee0c5d44f8ee0d91648 2009.0/x86_64/dbus-1.2.3-2.1mdv2009.0.x86_64.rpm 3dc65757a0631ef1593150b56cda2176 2009.0/x86_64/dbus-x11-1.2.3-2.1mdv2009.0.x86_64.rpm f1b2f70268553ebbdad7459b1e9957be 2009.0/x86_64/lib64dbus-1_3-1.2.3-2.1mdv2009.0.x86_64.rpm 421d70189a8fd14d79f02c01138ae586 2009.0/x86_64/lib64dbus-1-devel-1.2.3-2.1mdv2009.0.x86_64.rpm 789c0a12c1e14968b364c296b1a81278 2009.0/SRPMS/dbus-1.2.3-2.1mdv2009.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFI9iibmqjQ0CJFipgRAsjUAJsGSDl/T5JqJg0soVrNTCjjA/OjAACgtwvD E/GjNt9M7Qq1awFdoQeOpU4= =lJFx -----END PGP SIGNATURE-----