Your submission was sent successfully! Close

USN-1044-1: D-Bus vulnerability

18 January 2011

A local attacker could send crafted input to D-Bus and cause it to crash.

Releases

Packages

  • dbus - simple interprocess messaging system

Details

Remi Denis-Courmont discovered that D-Bus did not properly validate the
number of nested variants when validating D-Bus messages. A local attacker
could exploit this to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

References