Red Hat Security Advisory 2023-4498-01

Red Hat Security Advisory 2023-4498-01: Posted Aug 7, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4498-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-34969; SHA-256 | 397889406688a807742abc922cf0a807e6037293cc4f31853dfdc1da767190c0; Download | Favorite | View

Red Hat Security Advisory 2023-4498-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Moderate: dbus security update
Advisory ID:       RHSA-2023:4498-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4498
Issue date:        2023-08-07
CVE Names:         CVE-2023-34969
====================================================================
1. Summary:

An update for dbus is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

D-Bus is a system for sending messages between applications. It is used
both for the system-wide message bus service, and as a
per-user-login-session messaging facility.

Security Fix(es):

* dbus: dbus-daemon: assertion failure when a monitor is active and a
message from the driver cannot be delivered (CVE-2023-34969)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all running instances of dbus-daemon and all
running applications using the libdbus library must be restarted, or the
system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2213166 - CVE-2023-34969 dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:
dbus-daemon-debuginfo-1.12.8-24.el8_8.1.aarch64.rpm
dbus-debuginfo-1.12.8-24.el8_8.1.aarch64.rpm
dbus-debugsource-1.12.8-24.el8_8.1.aarch64.rpm
dbus-devel-1.12.8-24.el8_8.1.aarch64.rpm
dbus-libs-debuginfo-1.12.8-24.el8_8.1.aarch64.rpm
dbus-tests-debuginfo-1.12.8-24.el8_8.1.aarch64.rpm
dbus-tools-debuginfo-1.12.8-24.el8_8.1.aarch64.rpm
dbus-x11-1.12.8-24.el8_8.1.aarch64.rpm
dbus-x11-debuginfo-1.12.8-24.el8_8.1.aarch64.rpm

ppc64le:
dbus-daemon-debuginfo-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-debuginfo-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-debugsource-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-devel-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-libs-debuginfo-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-tests-debuginfo-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-tools-debuginfo-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-x11-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-x11-debuginfo-1.12.8-24.el8_8.1.ppc64le.rpm

s390x:
dbus-daemon-debuginfo-1.12.8-24.el8_8.1.s390x.rpm
dbus-debuginfo-1.12.8-24.el8_8.1.s390x.rpm
dbus-debugsource-1.12.8-24.el8_8.1.s390x.rpm
dbus-devel-1.12.8-24.el8_8.1.s390x.rpm
dbus-libs-debuginfo-1.12.8-24.el8_8.1.s390x.rpm
dbus-tests-debuginfo-1.12.8-24.el8_8.1.s390x.rpm
dbus-tools-debuginfo-1.12.8-24.el8_8.1.s390x.rpm
dbus-x11-1.12.8-24.el8_8.1.s390x.rpm
dbus-x11-debuginfo-1.12.8-24.el8_8.1.s390x.rpm

x86_64:
dbus-daemon-debuginfo-1.12.8-24.el8_8.1.i686.rpm
dbus-daemon-debuginfo-1.12.8-24.el8_8.1.x86_64.rpm
dbus-debuginfo-1.12.8-24.el8_8.1.i686.rpm
dbus-debuginfo-1.12.8-24.el8_8.1.x86_64.rpm
dbus-debugsource-1.12.8-24.el8_8.1.i686.rpm
dbus-debugsource-1.12.8-24.el8_8.1.x86_64.rpm
dbus-devel-1.12.8-24.el8_8.1.i686.rpm
dbus-devel-1.12.8-24.el8_8.1.x86_64.rpm
dbus-libs-debuginfo-1.12.8-24.el8_8.1.i686.rpm
dbus-libs-debuginfo-1.12.8-24.el8_8.1.x86_64.rpm
dbus-tests-debuginfo-1.12.8-24.el8_8.1.i686.rpm
dbus-tests-debuginfo-1.12.8-24.el8_8.1.x86_64.rpm
dbus-tools-debuginfo-1.12.8-24.el8_8.1.i686.rpm
dbus-tools-debuginfo-1.12.8-24.el8_8.1.x86_64.rpm
dbus-x11-1.12.8-24.el8_8.1.x86_64.rpm
dbus-x11-debuginfo-1.12.8-24.el8_8.1.i686.rpm
dbus-x11-debuginfo-1.12.8-24.el8_8.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
dbus-1.12.8-24.el8_8.1.src.rpm

aarch64:
dbus-1.12.8-24.el8_8.1.aarch64.rpm
dbus-daemon-1.12.8-24.el8_8.1.aarch64.rpm
dbus-daemon-debuginfo-1.12.8-24.el8_8.1.aarch64.rpm
dbus-debuginfo-1.12.8-24.el8_8.1.aarch64.rpm
dbus-debugsource-1.12.8-24.el8_8.1.aarch64.rpm
dbus-libs-1.12.8-24.el8_8.1.aarch64.rpm
dbus-libs-debuginfo-1.12.8-24.el8_8.1.aarch64.rpm
dbus-tests-debuginfo-1.12.8-24.el8_8.1.aarch64.rpm
dbus-tools-1.12.8-24.el8_8.1.aarch64.rpm
dbus-tools-debuginfo-1.12.8-24.el8_8.1.aarch64.rpm
dbus-x11-debuginfo-1.12.8-24.el8_8.1.aarch64.rpm

noarch:
dbus-common-1.12.8-24.el8_8.1.noarch.rpm

ppc64le:
dbus-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-daemon-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-daemon-debuginfo-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-debuginfo-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-debugsource-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-libs-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-libs-debuginfo-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-tests-debuginfo-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-tools-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-tools-debuginfo-1.12.8-24.el8_8.1.ppc64le.rpm
dbus-x11-debuginfo-1.12.8-24.el8_8.1.ppc64le.rpm

s390x:
dbus-1.12.8-24.el8_8.1.s390x.rpm
dbus-daemon-1.12.8-24.el8_8.1.s390x.rpm
dbus-daemon-debuginfo-1.12.8-24.el8_8.1.s390x.rpm
dbus-debuginfo-1.12.8-24.el8_8.1.s390x.rpm
dbus-debugsource-1.12.8-24.el8_8.1.s390x.rpm
dbus-libs-1.12.8-24.el8_8.1.s390x.rpm
dbus-libs-debuginfo-1.12.8-24.el8_8.1.s390x.rpm
dbus-tests-debuginfo-1.12.8-24.el8_8.1.s390x.rpm
dbus-tools-1.12.8-24.el8_8.1.s390x.rpm
dbus-tools-debuginfo-1.12.8-24.el8_8.1.s390x.rpm
dbus-x11-debuginfo-1.12.8-24.el8_8.1.s390x.rpm

x86_64:
dbus-1.12.8-24.el8_8.1.x86_64.rpm
dbus-daemon-1.12.8-24.el8_8.1.x86_64.rpm
dbus-daemon-debuginfo-1.12.8-24.el8_8.1.i686.rpm
dbus-daemon-debuginfo-1.12.8-24.el8_8.1.x86_64.rpm
dbus-debuginfo-1.12.8-24.el8_8.1.i686.rpm
dbus-debuginfo-1.12.8-24.el8_8.1.x86_64.rpm
dbus-debugsource-1.12.8-24.el8_8.1.i686.rpm
dbus-debugsource-1.12.8-24.el8_8.1.x86_64.rpm
dbus-libs-1.12.8-24.el8_8.1.i686.rpm
dbus-libs-1.12.8-24.el8_8.1.x86_64.rpm
dbus-libs-debuginfo-1.12.8-24.el8_8.1.i686.rpm
dbus-libs-debuginfo-1.12.8-24.el8_8.1.x86_64.rpm
dbus-tests-debuginfo-1.12.8-24.el8_8.1.i686.rpm
dbus-tests-debuginfo-1.12.8-24.el8_8.1.x86_64.rpm
dbus-tools-1.12.8-24.el8_8.1.x86_64.rpm
dbus-tools-debuginfo-1.12.8-24.el8_8.1.i686.rpm
dbus-tools-debuginfo-1.12.8-24.el8_8.1.x86_64.rpm
dbus-x11-debuginfo-1.12.8-24.el8_8.1.i686.rpm
dbus-x11-debuginfo-1.12.8-24.el8_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJk0P29AAoJENzjgjWX9erEIpIP/iA+jp4RpqfkakYFyKwh/Ri+
/uBcu4iMdJtLK/gdPGh3EAImZ5yyyunfsd0vFg31QDkO/rTbREaHMJAF/Z/Yk/bH
gY0lm+3ooT/uPV0SS6b3lHMw+JdUNrFXOW7WD4UTGylTrt4zGadPx3buDkFNF2K/
t8ToRWw2gcqP04NZvYCdyAGj+29asS//LMgHkq8V4fxvGDlW/p2rTIQXJg4O0V45
s5c46F3rwpfcx8OKmDSO+EogQosT5dG92YYKTvWRpfujYz2hQMW7WUASajB3eXBZ
sNRMNI/g9wjPNRRPvn2oMNGkcc+sjAHkkI8AS37cafC2HtTIsvlicnE9TPafCnYx
i7TvKqy3/oJ2bx11X99D77tVwlRvXfaKVhCi+qyXA/8SXI6H81OYfjqzL27Gff4Q
/kJmoIob2wWoFlV4zElEBT5ByTI/JZ/T7d6p2cNrIXtajuPWkmF2+Ic3j3XMiQkw
WhjMOuf/fCm3kDuZFDyO5aen6DqEMgvL8GzVN4F1WNtkkG8kqGr+L0MUu2yDvB1L
T+vrTPItN8NqRjImEJwn/rtJRb4sepkTR1hdr0XukaJJiyhdyTOGkOkYvXRCcrqD
NG0AD3gcGKRs8Pg+J2Bbzy4RVnsFlX4+z8Dtomr00Yd8j6H7Ko58Xqgtzuze4z9Z
7mrHj3Q/YVchFCMQTB0l
=Je9q
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 60 files
Debian 19 files
Gentoo 8 files
Apple 5 files
Google Security Research 4 files
Jann Horn 3 files
Spencer McIntyre 3 files
LiquidWorm 3 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Red Hat Security Advisory 2023-4498-01

Red Hat Security Advisory 2023-4498-01

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2023-4498-01

Share This

Red Hat Security Advisory 2023-4498-01

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems