Oval Definition:oval:com.redhat.rhsa:def:20050102
Revision Date:2005-06-08Version:502
Title:RHSA-2005:102: dbus security update. (Low)
Description:D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility.

Dan Reed discovered that a user can send and listen to messages on another user's per-user session bus if they know the address of the socket. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0201 to this issue. In Red Hat Enterprise Linux 4, the per-user session bus is only used for printing notifications, therefore this issue would only allow a local user to examine or send additional print notification messages.

Users of dbus are advised to upgrade to these updated packages, which contain backported patches to correct this issue.
Family:unixClass:patch
Status:Reference(s):CVE-2005-0201
RHSA-2005:102-01
Platform(s):Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 4 is installed
  • AND Package Information
  • dbus-x11 is earlier than 0:0.22-12.EL.2
  • AND dbus-x11 is signed with Red Hat master key
  • OR
  • dbus-python is earlier than 0:0.22-12.EL.2
  • AND dbus-python is signed with Red Hat master key
  • OR
  • dbus-devel is earlier than 0:0.22-12.EL.2
  • AND dbus-devel is signed with Red Hat master key
  • OR
  • dbus is earlier than 0:0.22-12.EL.2
  • AND dbus is signed with Red Hat master key
  • OR
  • dbus-glib is earlier than 0:0.22-12.EL.2
  • AND dbus-glib is signed with Red Hat master key
    • BACK