FS#23810 - D-BUS 1.4.0 and 1.2.24 are vulnerable; other versions may also be affected local DoS
Attached to Project:
Arch Linux
Opened by synflag (synflag) - Sunday, 17 April 2011, 17:04 GMT
Last edited by Angel Velasquez (angvp) - Sunday, 17 April 2011, 17:26 GMT
Opened by synflag (synflag) - Sunday, 17 April 2011, 17:04 GMT
Last edited by Angel Velasquez (angvp) - Sunday, 17 April 2011, 17:26 GMT
|
Details
Description:
dbus version 1.4.x is affected by a local DoS and privilegies escalation -possible-. References: http://www.securityfocus.com/bid/45377/info http://lists.freedesktop.org/archives/dbus/2010-December/013822.html http://www.remlab.net/op/dbus-variant-recursion.shtml ------------------------- ArchLinux stable have version 1.4.1 of dbus Vulnerable D-BUS D-Bus 1.4 D-BUS D-Bus 1.2.24 D-Bus is prone to a local denial-of-service vulnerability. Local attackers can exploit this issue to crash the application, denying service to legitimate users. D-BUS 1.4.0 and 1.2.24 are vulnerable; other versions may also be affected. New version of dbus stable is 1.4.8: http://dbus.freedesktop.org/releases/dbus/dbus-1.4.8.tar.gz Additional info: * package version(s) * config and/or log files etc. Steps to reproduce: |
This task depends upon
Closed by Angel Velasquez (angvp)
Sunday, 17 April 2011, 17:26 GMT
Reason for closing: Not a bug
Additional comments about closing: D-Bus release version 1.4.1 includes a fix for this issue
Sunday, 17 April 2011, 17:26 GMT
Reason for closing: Not a bug
Additional comments about closing: D-Bus release version 1.4.1 includes a fix for this issue