エラータID: AXSA:2020-600:03

Release date: 
Tuesday, October 6, 2020 - 12:22
Affected Channels: 
Asianux Server 7 for x86_64

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):

* dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.


Update packages.

Additional Info: 



  1. dbus-1.10.24-15.el7.src.rpm
    MD5: 3c102df244034d682fb5db44d69f0635
    SHA-256: c05853ba9dd59674e30729228008302373be8f88cfe1f64383cebc84de047a1f
    Size: 1.96 MB

Asianux Server 7 for x86_64
  1. dbus-1.10.24-15.el7.x86_64.rpm
    MD5: bb75a161d5e3225127e283cb9e57ea7d
    SHA-256: 6f663bd5180f64a69de816f7dcb60c508491c66629c9aa1dbf3b2c7329291f2a
    Size: 240.48 kB
  2. dbus-devel-1.10.24-15.el7.x86_64.rpm
    MD5: d5b585d15300eee05e2b80f0222b80f7
    SHA-256: 1870b2148ed0d03990f41aaf18601b7e0a29c3012ab6e2ff6fa43017edc1a74f
    Size: 53.27 kB
  3. dbus-libs-1.10.24-15.el7.x86_64.rpm
    MD5: 5fc73ccd852999614d1414db6768d23f
    SHA-256: 49474586805407d60e8cbd63771abc116a51185c98de3accfc6eea39c324f1fa
    Size: 168.47 kB
  4. dbus-x11-1.10.24-15.el7.x86_64.rpm
    MD5: b75086661df1c141c06f34a6158f848b
    SHA-256: d309c445999b8250359d03e7f8abdea5b297fd9ca4ff2f5e4940455785859c45
    Size: 47.05 kB
  5. dbus-devel-1.10.24-15.el7.i686.rpm
    MD5: eb1e35e197d53d1f6295df6cb87feff1
    SHA-256: 35215435eb2b3ef65bb2a99e312783b35d4a3b5225959a654c6e918557e6bdcd
    Size: 53.30 kB
  6. dbus-libs-1.10.24-15.el7.i686.rpm
    MD5: b3f7692033e242e2de97e19a2751f828
    SHA-256: 09d62ccebb179c8700bf7c2c7febdac209a02ad21ea2ee7aec66ebee84d41713
    Size: 168.99 kB