| Description: | D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
Havoc Pennington discovered a flaw in the way the dbus-daemon applies its security policy. A user with the ability to connect to the dbus-daemon may be able to execute certain method calls they should normally not have permission to access. (CVE-2008-0595)
Red Hat does not ship any applications in Red Hat Enterprise Linux 5 that would allow a user to leverage this flaw to elevate their privileges.
This flaw does not affect the version of D-Bus shipped in Red Hat Enterprise Linux 4.
All users are advised to upgrade to these updated dbus packages, which contain a backported patch and are not vulnerable to this issue.
|