1. Ubuntu Security Notices
  2. USN-1044-1

USN-1044-1: D-Bus vulnerability

Publication date

18 January 2011

Overview

A local attacker could send crafted input to D-Bus and cause it to crash.

Releases

Packages

  • dbus - simple interprocess messaging system

Details

Remi Denis-Courmont discovered that D-Bus did not properly validate the
number of nested variants when validating D-Bus messages. A local attacker
could exploit this to cause a denial of service.

Remi Denis-Courmont discovered that D-Bus did not properly validate the
number of nested variants when validating D-Bus messages. A local attacker
could exploit this to cause a denial of service.

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
9.10 karmic libdbus-1-3 –  1.2.16-0ubuntu9.1
8.04 hardy libdbus-1-3 –  1.1.20-1ubuntu3.4
10.10 maverick libdbus-1-3 –  1.4.0-0ubuntu1.1
10.04 lucid libdbus-1-3 –  1.2.16-2ubuntu4.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›