dbus-1.10.24-15.el7

Errata ID: AXSA:2020-600:03

Release date: 
Tuesday, October 6, 2020 - 12:22
Subject: 
dbus-1.10.24-15.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):

* dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-12749
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
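
A host-side audit for the condition described above, as an added example that is not part of this advisory or of dbus: it reports home directories where `~/.dbus-keyrings` is a symlink, is not a directory, is owned by a different uid than the home directory, or is not mode 0700. The function names and the ownership/0700 policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the DBUS_COOKIE_SHA1 keyring path under one home directory.
# Prints one of: absent | symlink | not-a-directory | wrong-owner | loose-mode | ok
audit_keyring() {
    home=$1
    keyring=$home/.dbus-keyrings

    # Test -L first: -e and -d follow symlinks and would hide the link itself.
    if [ -L "$keyring" ]; then echo symlink; return 0; fi
    if [ ! -e "$keyring" ]; then echo absent; return 0; fi
    if [ ! -d "$keyring" ]; then echo not-a-directory; return 0; fi

    # ls -ldn fields: mode string, link count, numeric uid, ...
    set -- $(ls -ldn "$home");    home_uid=$3
    set -- $(ls -ldn "$keyring"); mode=$1; key_uid=$3

    if [ "$key_uid" != "$home_uid" ]; then echo wrong-owner; return 0; fi
    case $mode in
        drwx------*) echo ok ;;          # a trailing . or + (SELinux/ACL marker) is allowed
        *)           echo loose-mode ;;  # policy of this example: expect 0700
    esac
}

# audit_homes HOME...: print "finding<TAB>home" for every home that needs review.
# Homes whose keyring is ok or absent produce no output.
audit_homes() {
    for h in "$@"; do
        r=$(audit_keyring "$h")
        case $r in
            ok|absent) ;;
            *) printf '%s\t%s\n' "$r" "$h" ;;
        esac
    done
}

# Run against the homes given on the command line, e.g.: sh audit.sh /home/*
if [ "$#" -gt 0 ]; then audit_homes "$@"; fi
```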

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. dbus-1.10.24-15.el7.src.rpm
    MD5: 3c102df244034d682fb5db44d69f0635
    SHA-256: c05853ba9dd59674e30729228008302373be8f88cfe1f64383cebc84de047a1f
    Size: 1.96 MB

Asianux Server 7 for x86_64
  1. dbus-1.10.24-15.el7.x86_64.rpm
    MD5: bb75a161d5e3225127e283cb9e57ea7d
    SHA-256: 6f663bd5180f64a69de816f7dcb60c508491c66629c9aa1dbf3b2c7329291f2a
    Size: 240.48 kB
  2. dbus-devel-1.10.24-15.el7.x86_64.rpm
    MD5: d5b585d15300eee05e2b80f0222b80f7
    SHA-256: 1870b2148ed0d03990f41aaf18601b7e0a29c3012ab6e2ff6fa43017edc1a74f
    Size: 53.27 kB
  3. dbus-libs-1.10.24-15.el7.x86_64.rpm
    MD5: 5fc73ccd852999614d1414db6768d23f
    SHA-256: 49474586805407d60e8cbd63771abc116a51185c98de3accfc6eea39c324f1fa
    Size: 168.47 kB
  4. dbus-x11-1.10.24-15.el7.x86_64.rpm
    MD5: b75086661df1c141c06f34a6158f848b
    SHA-256: d309c445999b8250359d03e7f8abdea5b297fd9ca4ff2f5e4940455785859c45
    Size: 47.05 kB
  5. dbus-devel-1.10.24-15.el7.i686.rpm
    MD5: eb1e35e197d53d1f6295df6cb87feff1
    SHA-256: 35215435eb2b3ef65bb2a99e312783b35d4a3b5225959a654c6e918557e6bdcd
    Size: 53.30 kB
  6. dbus-libs-1.10.24-15.el7.i686.rpm
    MD5: b3f7692033e242e2de97e19a2751f828
    SHA-256: 09d62ccebb179c8700bf7c2c7febdac209a02ad21ea2ee7aec66ebee84d41713
    Size: 168.99 kB