Bug 7059

Summary: dbus missing update for security issue CVE-2011-2200
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, stormi-mageia, sysadmin-bugs, tmb
Version: 1Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/451354/
Whiteboard: has_procedure MGA1-32-OK MGA1-64-OK
Source RPM: dbus-1.4.1-3.mga1.src.rpm CVE:
Status comment:

Description David Walser 2012-08-14 21:03:59 CEST 
Fedora has issued an advisory on July 31, 2011:
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063294.html

Patched package uploaded for Mageia 1.

Advisory:
========================

Updated dbus packages fix security vulnerability:

A denial of service flaw was found in the way the D-Bus library handled
endianness conversion when receiving messages. A local user could use this
flaw to send a specially-crafted message to dbus-daemon or to a service
using the bus, such as Avahi or NetworkManager, possibly causing the
daemon to exit or the service to disconnect from the bus (CVE-2011-2200).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2200
https://rhn.redhat.com/errata/RHSA-2011-1132.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063294.html
========================

Updated packages in core/updates_testing:
========================
dbus-1.4.1-3.1.mga1
libdbus-1_3-1.4.1-3.1.mga1
libdbus-1-devel-1.4.1-3.1.mga1
dbus-x11-1.4.1-3.1.mga1
dbus-doc-1.4.1-3.1.mga1

from dbus-1.4.1-3.1.mga1.src.rpm
Comment 1 David Walser 2012-08-14 21:06:36 CEST 
I can verify this fixes the issue, via the reproducer posted at the RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=712676#c6

Instructions on using it are in the subsequent comments.

To get marshal.c to compile, you will need to remove line 27:
#include "config.h"

You will also need libglib2.0-devel and libdbus-1-devel installed.

Whiteboard: (none) => has_procedure

Comment 2 Samuel Verschelde 2012-08-16 20:43:33 CEST 
Testing through David's reproducer procedure OK. For regression testing I guess rebooting and seeing no regression in normal use is OK, since dbus is a core component to many things.

[samuel@localhost QA]$ ./marshal
/demarshal/le: OK
/demarshal/be: **
ERROR:marshal.c:194:test_endian: assertion failed (get_uint32 (output, OFFSET_BODY_LENGTH, output[0]) == 8): (134217728 == 8)
Abandon
[samuel@localhost QA]$ ./marshal
/demarshal/le: OK
/demarshal/be: OK
/demarshal/needed/le: OK
/demarshal/needed/be: OK

CC: (none) => stormi
Whiteboard: has_procedure => has_procedure MGA1-32-OK

Comment 3 Dave Hodgins 2012-08-17 01:22:58 CEST 
Testing complete on x86-64.

I'd like to hold off a few days before validating the update, to allow
for more regression testing though.

CC: (none) => davidwhodgins
Whiteboard: has_procedure MGA1-32-OK => has_procedure MGA1-32-OK MGA1-64-OK

Comment 4 Dave Hodgins 2012-08-22 02:24:49 CEST 
Validating the update.

Could someone from the sysadmin team push the srpm
dbus-1.4.1-3.1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated dbus packages fix security vulnerability:

A denial of service flaw was found in the way the D-Bus library handled
endianness conversion when receiving messages. A local user could use this
flaw to send a specially-crafted message to dbus-daemon or to a service
using the bus, such as Avahi or NetworkManager, possibly causing the
daemon to exit or the service to disconnect from the bus (CVE-2011-2200).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2200
https://rhn.redhat.com/errata/RHSA-2011-1132.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063294.html

https://bugs.mageia.org/show_bug.cgi?id=7059

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Thomas Backlund 2012-08-23 10:03:46 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0233

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED