Advisories » MGASA-2013-0173

Updated dbus packages fix security vulnerability

Publication date: 18 Jun 2013
Modification date: 18 Jun 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-2168

Description

Alexandru Cornea discovered a vulnerability in libdbus caused by an
implementation bug in _dbus_printf_string_upper_bound(). This
vulnerability can be exploited by a local user to crash system services
that use libdbus, causing denial of service. Depending on the dbus
services running, it could lead to complete system crash (CVE-2013-2168).

This problem only currently appears to affect the x86_64 version of Mageia
but we advise that all systems should be updated.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=10520
• http://www.debian.org/security/2013/dsa-2707
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2168

SRPMS

3/core

• dbus-1.6.8-4.1.mga3

2/core

• dbus-1.4.16-5.2.mga2