2004 matches found
[ MDVSA-2008:054 ] - Updated dbus packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:054 http://www.mandriva.com/security/ Package : dbus Date : February 28, 2008 Affected: 2007.0, 2007.1, 2008.0 Problem Description: A vulnerability was discovered by Havoc Pennington in how the dbus-daemon...
Fedora 7 : dbus-1.0.2-7.fc7 (2008-2043)
Wed Feb 27 2008 David Zeuthen - 1.0.2-7.fc7 - CVE-2008-0595 - Fri Jun 22 2007 Matthias Clasen - 1.0.2-6 - Don't require libxml-python needlessly 245300 - Sun Jun 17 2007 Matthias Clasen - 1.0.2-5 - Require pkgconfig in -devel, not in -x11 244385 Note that Tenable Network Security has extracted...
Fedora 8 : dbus-1.1.2-9.fc8 (2008-2070)
Wed Feb 27 2008 David Zeuthen - 1.1.2-9.fc8 - CVE-2008-0595 - Thu Oct 25 2007 Bill Nottingham - 1.1.2-8 - have -libs obsolete older versions of the main package so that yum upgrades work Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Moderate: dbus security update
1.0.0-6.3.el51 - CVE-2008-0595: D-Bus security policy circumvention - Resolves: 432437 1.0.0-6.el51 - CVE-2006-6107: D-Bus denial of service - Resolves: 219601...
RHEL 5 : dbus (RHSA-2008:0159)
Updated dbus packages that fix an issue with circumventing the security policy are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D-Bus is a system for sending messages between applications. It is used both for the system-wide...
dbus security policy circumvention
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes sendinterface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface...
Fedora 7 : bind-9.4.1-4.fc7 (2007-0300)
236426 - improved zone-finding on server side rndc freeze works better 235809 - fixed race-condition in dbus code 241103 - fixed typo in bind-chroot-admin 239802 - start using deprecated LDAP API 239149 - handle dynamic zone updates CVE-2007-2241 Note that Tenable Network Security has extracted t...
Avahi DBUS DoS
Empty TXT record causes daemon to crash...
CentOS 4 : dbus (CESA-2007:0008)
Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide...
RHEL 4 : dbus (RHSA-2007:0008)
Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide...
Moderate: dbus security update
0.22-12EL.8 - CVE-2006-6107: D-Bus denial of service - Resolves: 218055...
Fedora Core 6 : dbus-1.0.1-8.fc6 (2006-1475)
Kimmo Hamalainen reported a DoS flaw in D-Bus that can cause a local user to disable the the ability of another process to receive certain messages. This flaw does not contain any potential for arbitrary code execution. Note that Tenable Network Security has extracted the preceding description...
FreeBSD : dbus -- match_rule_equal() Weakness (5b47b70d-8ba9-11db-81d5-00123ffe8333)
Secunia reports : D-Bus have a weakness, which can be exploited by malicious, local users to cause a DoS Denial of Service. An error within the 'matchruleequal' function can be exploited to disable the ability of other processes to receive messages by removing their matches from D-Bus...
CentOS 4 : dbus (CESA-2005:102)
Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide message...
Ubuntu 4.10 : dbus vulnerability (USN-144-1)
Besides providing the global system-wide communication bus, dbus also offers per-user 'session' buses which applications in an user's session can create and use to communicate with each other. Daniel Reed discovered that the default configuration of the session dbus allowed a local user to connec...
Fedora Core 4 : dbus-0.33-3.fc4.1 (2005-822)
Mon Aug 29 2005 John J5 Palmieri - 0.33-3.fc4.1 - add patch from 0.2x series that fixes an exploit where users can attach to another user's session bus CVE-2005-0201 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...
CVE-2005-0201
CVE-2005-0201 affects D-BUS (dbus) before 0.22, where insufficient socket access restriction allows a local user to listen to or send arbitrary messages on another user’s per-user session bus if the socket address is known. This is a local-privilege/confidentiality issue. Connected advisories ind...
CVE-2005-0201
D-BUS dbus before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket...
USN-144-1: dbus vulnerability
Besides providing the global system-wide communication bus, dbus also offers per-user "session" buses which applications in an user's session can create and use to communicate with each other. Daniel Reed discovered that the default configuration of the session dbus allowed a local user to connec...
Mandrake Linux Security Advisory : dbus (MDKSA-2005:105)
Dan Reed discovered a vulnerability in the D-BUS system for sending messages between applications. He found that a user can send and listen to messages on another user's per-user session bus if they knew the address of the socket. The updated packages have been patched to correct this problem...