Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: USN-653-1: D-Bus vulnerabilities
Special Forums Cybersecurity Security Advisories (RSS) USN-653-1: D-Bus vulnerabilities Post 302246837 by Linux Bot on Tuesday 14th of October 2008 01:40:04 PM
Old 10-14-2008
USN-653-1: D-Bus vulnerabilities
Referenced CVEs:
CVE-2008-0595, CVE-2008-3834


Description:
=========================================================== Ubuntu Security Notice USN-653-1 October 14, 2008 dbus vulnerabilities CVE-2008-0595, CVE-2008-3834 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libdbus-1-2 0.60-6ubuntu8.3 Ubuntu 7.04: libdbus-1-3 1.0.2-1ubuntu4.2 Ubuntu 7.10: libdbus-1-3 1.1.1-3ubuntu4.2 Ubuntu 8.04 LTS: libdbus-1-3 1.1.20-1ubuntu3.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Havoc Pennington discovered that the D-Bus daemon did not correctly validate certain security policies. If a local user sent a specially crafted D-Bus request, they could bypass security policies that had a "send_interface" defined. (CVE-2008-0595) It was discovered that the D-Bus library did not correctly validate certain corrupted signatures. If a local user sent a specially crafted D-Bus request, they could crash applications linked against the D-Bus library, leading to a denial of service. (CVE-2008-3834)





More...
 

LEARN ABOUT DEBIAN

syncpackage

SYNCPACKAGE(1)						      General Commands Manual						    SYNCPACKAGE(1)

NAME

       syncpackage - copy source packages from Debian to Ubuntu

SYNOPSIS

       syncpackage [options] <.dsc URL/path or package name>

DESCRIPTION

       syncpackage causes a source package to be copied from Debian to Ubuntu.

       syncpackage  allows you to upload files with the same checksums of the Debian ones, as the common script used by Ubuntu archive administra-
       tors does, this way you can preserve source files integrity between the two distributions.

       syncpackage will detect source tarballs with mismatching checksums, and can perform fake syncs.

WARNING

       The use of syncpackage --no-lp, which generates a changes file to be directly uploaded to the Ubuntu primary archive or a PPA, is  discour-
       aged  by the Ubuntu Archive Administrators, as it introduces an unnecessary window for error.  This only exists for backward compatibility,
       for unusual corner cases (such as fakesyncs), and for uploads to archives other than the Ubuntu primary archive.  Omitting this option will
       cause Launchpad to perform the sync request directly, which is the preferred method for uploads to the Ubuntu primary archive.

OPTIONS

       -h, --help
	      Show help message and exit

       -d DIST, --distribution=DIST
	      Debian distribution to sync from. Default is testing during LTS cycles, and unstable otherwise.

       -r RELEASE, --release=RELEASE
	      Specify target Ubuntu release. Default: current development release.

       -V DEBVERSION, --debian-version=DEBVERSION
	      Specify the version to sync from.

       -c COMPONENT, --component=COMPONENT
	      Specify the component to sync from.

       -b BUG, --bug=BUG
	      Mark a Launchpad bug as being fixed by this upload.

       -s USERNAME, --sponsor=USERNAME
	      Sponsor the sync for USERNAME (a Launchpad username).

       -v, --verbose
	      Display more progress information.

       -F, --fakesync
	      Perform  a  fakesync, to work around a tarball mismatch between Debian and Ubuntu.  This option ignores blacklisting, and performs a
	      local sync.  It implies --no-lp, and will leave a signed .changes file for you to upload.

       -f, --force
	      Force sync over the top of Ubuntu changes.

       --no-conf
	      Do not read any configuration files, or configuration from environment variables.

       -l INSTANCE, --lpinstance=INSTANCE
	      Launchpad instance to connect to (default: production).

       --simulate
	      Show what would be done, but don't actually do it.

LOCAL SYNC PREPARATION OPTIONS

       Options that only apply when using --no-lp:

       --no-lp
	      Construct sync locally, rather than letting Launchpad copy the package directly.	It will leave a signed .changes file  for  you	to
	      upload.  See the WARNING above.

       -n UPLOADER_NAME, --uploader-name=UPLOADER_NAME
	      Use UPLOADER_NAME as the name of the maintainer for this upload instead of evaluating DEBFULLNAME and UBUMAIL.  This option may only
	      be used in --no-lp mode.

       -e UPLOADER_EMAIL, --uploader-email=UPLOADER_EMAIL
	      Use UPLOADER_EMAIL as the email address of the maintainer for this upload instead of evaluating DEBEMAIL and UBUMAIL.   This  option
	      may only be used in --no-lp mode.

       -k KEYID, --key=KEYID
	      Specify the key ID to be used for signing.

       --dont-sign
	      Do not sign the upload.

       -d DEBIAN_MIRROR, --debian-mirror=DEBIAN_MIRROR
	      Use the specified mirror.  Should be in the form http://ftp.debian.org/debian.  If the package isn't found on this mirror, syncpack-
	      age will fall back to the default mirror.

       -s UBUNTU_MIRROR, --debsec-mirror=UBUNTU_MIRROR
	      Use the specified Debian security mirror.  Should be in the form http://archive.ubuntu.com/ubuntu.  If the package  isn't  found	on
	      this mirror, syncpackage will fall back to the default mirror.

ENVIRONMENT

       DEBFULLNAME, DEBEMAIL, UBUMAIL
	      Used to determine the uploader (if not supplied as options).  See ubuntu-dev-tools(5) for details.

       All  of	the  CONFIGURATION  VARIABLES  below are also supported as environment variables.  Variables in the environment take precedence to
       those in configuration files.

CONFIGURATION VARIABLES

       The following variables can be set in the environment or in ubuntu-dev-tools(5) configuration files.  In  each  case,  the  script-specific
       variable takes precedence over the package-wide variable.

       SYNCPACKAGE_DEBIAN_MIRROR, UBUNTUTOOLS_DEBIAN_MIRROR
	      The default value for --debian-mirror.

       SYNCPACKAGE_UBUNTU_MIRROR, UBUNTUTOOLS_DEBSEC_MIRROR
	      The default value for --ubuntu-mirror.

       SYNCPACKAGE_KEYID, UBUNTUTOOLS_KEYID
	      The default value for --key.

SEE ALSO

       requestsync(1), ubuntu-dev-tools(5)

AUTHOR

       syncpackage was written by Martin Pitt <martin.pitt@canonical.com> and Benjamin Drung <bdrung@ubuntu.com>.

       This manual page were written by Luca Falavigna <dktrkranz@ubuntu.com>

       Both are released under GNU General Public License, version 3.

ubuntu-dev-tools						     June 2010							    SYNCPACKAGE(1)
All times are GMT -4. The time now is 10:11 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy