Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-2168

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.

Related bugs and status

CVE-2013-2168 (Candidate) is related to these bugs:

Bug #1320422: Please merge dbus 1.8.6-1 (main) from Debian testing (main)

Summary				In	Importance	Status
	1320422	Please merge dbus 1.8.6-1 (main) from Debian testing (main)		dbus (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [dbus] 20130613 CVE-20...
MLIST: [oss-security] 2013061...
CONFIRM: http://cgit.freedeskto...
CONFIRM: https://bugzilla.redha...
DEBIAN: DSA-2707
FEDORA: FEDORA-2013-11142
FEDORA: FEDORA-2013-11198
MANDRIVA: MDVSA-2013:177
SUSE: openSUSE-SU-2013:1118
UBUNTU: USN-1874-1
BID: 60546
SECTRACK: 1028667
SECUNIA: 53317
SECUNIA: 53832
SUSE: openSUSE-SU-2014:1239
OVAL: oval:org.mitre.oval:de...