1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200901-04 / dbus |
| Release Date | January 11, 2009 |
| Latest Revision | January 11, 2009: 01 |
| Impact | normal |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| sys-apps/dbus | < 1.2.3-r1 | >= 1.2.3-r1 | All supported architectures |
Related bugreports: #240308
An error condition can cause D-Bus to crash.
D-Bus is a daemon providing a framework for applications to communicate with one another.
schelte reported that the dbus_signature_validate() function can trigger a failed assertion when processing a message containing a malformed signature.
A local user could send a specially crafted message to the D-Bus daemon, leading to a Denial of Service.
There is no known workaround at this time.
All D-Bus users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.2.3-r1" |