CVE-2011-2200
Published: 22 June 2011
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
Priority
Status
Package | Release | Status |
---|---|---|
dbus Launchpad, Ubuntu, Debian |
hardy |
Released
(1.1.20-1ubuntu3.5)
|
lucid |
Released
(1.2.16-2ubuntu4.3)
|
|
maverick |
Released
(1.4.0-0ubuntu1.3)
|
|
natty |
Released
(1.4.6-1ubuntu6.1)
|
|
upstream |
Released
(1.4.12-1)
|
|
Patches: upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7 |