User: Password:
|
|
Subscribe / Log in / New account

Pardus alert 2011-93 (dbus)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-93] D-bus: Denial of Service
Date:  Tue, 12 Jul 2011 11:26:09 +0300
Message-ID:  <201107121126.10016.meltem@pardus.org.tr>
Archive-link:  Article, Thread

------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-93 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-07-11 Severity: 3 Type: Local ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in d-bus. Description =========== CVE-2011-2200: It was found that D-BUS message bus service / messaging facility did not update the byte-order flag of the message properly by swapping the byte order of incoming messages into their native endiannes. A local, authenticated user could use this flaw to send a specially-crafted message to a system service (like Avahi or NetworkManager), using the system bus, potentially leading to disconnect of such a service from system bus (denial of service). Affected packages: Pardus 2009: dbus, all before 1.2.4.6-47-9 Resolution ========== There are update(s) for dbus. You can update them via Package Manager or with a single command from console: pisi up dbus References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=18386 * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938 * https://bugs.freedesktop.org/show_bug.cgi?id=38120 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds