Pardus: 2011-93: D-bus: Denial of Service
Posted by Benjamin D. Thomas   
A vulnerability has been fixed in d-bus.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-93            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-07-11
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
======
A vulnerability has been fixed in d-bus.


Description
==========
CVE-2011-2200:

It was found that D-BUS message bus service / messaging facility did not
update the byte-order flag of the message properly by swapping the byte
order of incoming  messages  into  their  native  endiannes.  A  local,
authenticated user could use this  flaw  to  send  a  specially-crafted
message to a system service (like Avahi or NetworkManager),  using  the
system bus, potentially leading to disconnect of such  a  service  from
system bus (denial of service).


Affected packages:

  Pardus 2009:
    dbus, all before 1.2.4.6-47-9


Resolution
=========
There are update(s) for dbus. You can update them via Package Manager or
with a single command from console:

    pisi up dbus

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id386
  * http://bugs.debian.org/cgi-bin/bugreport.cgi?bugb9938
  * https://bugs.freedesktop.org/show_bug.cgi?id8120

------------------------------------------------------------------------