LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

MeeGo alert MeeGo-SA-10:18 (mutter-moblin)



From:
    	      "Ware, Ryan R" <ryan.r.ware@intel.com> 


To:
    	      "meego-security@meego.com" <meego-security@meego.com> 


Subject:
    	      [MeeGo-security] [MeeGo-SA-10:18.mutter-moblin] mutter-moblin D-Bus
 Message Handling Not Validated 


Date:
    	      Fri, 27 Aug 2010 16:23:07 -0700


Message-ID:
    	      <C89D96EB.363BD%ryan.r.ware@intel.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
==
MeeGo-SA-10:18.mutter-moblin               Security Advisory
                                                                MeeGo
Project

Topic:          mutter-moblin D-Bus Message Handling Not Validated

Category:       UI
Module:         mutter-moblin
Announced:      August 3, 2010
Affects:        MeeGo 1.0
Corrected:      August 3, 2010
MeeGo BID: 3121
CVE:  none

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.

I.   Background

Moblin Netbook plugin for Metacity Clutter, aka, Mutter

II.  Problem Description

The DBus message handling in mutter-moblin was not safe.  Crash could
be induced by a simple:

python -c "import dbus; dbus.Interface (dbus.SessionBus ().get_object \
('org.freedesktop.Notifications', '/org/freedesktop/Notifications'), \
'org.freedesktop.Notifications').Notify ('', 0, '', '', '', [''], {}, \
0)"

III. Impact

Potential denial of service

IV.  Workaround

None

V.   Solution

Update to package mutter-moblin-0.75.19-6.1 or later.

VI. References

http://bugs.meego.com/show_bug.cgi?id=3121

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (Darwin)

iQEcBAEBAgAGBQJMeEP5AAoJECxjfBlj7RcKECAH/24f+C7JG2TY5n7jTlXwjvR0
lpKJS+Iejy/P4WkdJ1Qm+UMNBArHaaFCaDmMQk/bYPcehM/gH5O8RMc3it/uqULn
X1Gy7WASH+OSSDvOSKQCCpJIsVp5ewSSPEFL3sMQLErtXqsVezxPhe9Dx/DyDgiL
Lss3dp7XIjDqr26tzl+RO2l/5i+lVSnBETGQmsrGB+4Ec2hMhRyou2mLV2imu3/4
T7xVH7o3uklI6IHTlr5SFd6hj5HLi+jsZlg5W8y1eiacXZymRsuHLp8B+5e4Bdbj
0UIsKv/FnxM+GFnTSHGQYCszbnNNhb7lKzlIg8jQdFplW+YNjL1WgxgoZdWCMqE=
=aOC4
-----END PGP SIGNATURE-----

_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds