| |||||||||||||||||||
Pardus alert 2011-93 (dbus)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-93 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-07-11 Severity: 3 Type: Local ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in d-bus. Description =========== CVE-2011-2200: It was found that D-BUS message bus service / messaging facility did not update the byte-order flag of the message properly by swapping the byte order of incoming messages into their native endiannes. A local, authenticated user could use this flaw to send a specially-crafted message to a system service (like Avahi or NetworkManager), using the system bus, potentially leading to disconnect of such a service from system bus (denial of service). Affected packages: Pardus 2009: dbus, all before 1.2.4.6-47-9 Resolution ========== There are update(s) for dbus. You can update them via Package Manager or with a single command from console: pisi up dbus References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=18386 * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938 * https://bugs.freedesktop.org/show_bug.cgi?id=38120 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||