Summary: | sys-apps/dbus <1.2.3-r1 dbus_signature_validate() DoS (CVE-2008-3834) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gentopia |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.freedesktop.org/show_bug.cgi?id=17803 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-10-06 17:53:50 UTC
Arches, please test and mark stable: =sys-apps/dbus-1.2.3-r1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86" ppc64 stable amd64/x86 stable Stable for HPPA. sparc stable alpha/ia64 stable CVE-2008-3834 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3834): The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. ppc stable Ready for vote, I vote YES. Ok, YES then. arm/s390/sh stable GLSA 200901-04 |