Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 493
Alerts This Week
Warning Icon 1 493

Debian: DSA-2149-1 Moderate: dbus Denial of Service Threat

debian
Calendar Grey January 20, 2011
Debian Logo
Ubuntu Security Notice USN-2348-1 addresses a systemd vulnerability leading to denial of service. It is essential to update systemd to mitigate risks associated with malformed inputs.
Rémi Denis-Courmont discovered that dbus, a message bus application, is not properly limiting the nesting level when examining messages with extensive nested variants

Summary

Rémi Denis-Courmont discovered that dbus, a message bus application,
is not properly limiting the nesting level when examining messages with
extensive nested variants. This allows an attacker to crash the dbus system
daemon due to a call stack overflow via crafted messages.


For the stable distribution (lenny), this problem has been fixed in
version 1.2.1-5+lenny2.

For the testing distribution (squeeze), this problem has been fixed in
version 1.2.24-4.

For the unstable distribution (sid), this problem has been fixed in
version 1.2.24-4.


We recommend that you upgrade your dbus packages.



Severity
important
Lowest
Low
Medium
High
Critical

Package: dbus
CVE ID: CVE-2010-4352

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.