+++ This bug was initially created as a clone of Bug #218055 +++ Kimmo Hämäläinen reported a DoS flaw in D-Bus to the freedesktop.org bugzilla. To quote his bug: I found a nasty bug from match_rule_equal() that can cause matches to be removed from another connections (thanks goes to other guys for finding reproducable use case for the bug). This flaw can cause a local user to disable the the ability of another process to receive certain messages. This flaw does not contain any potential for arbitrary code execution. Here is a more details description from Kimmo: We don't have the software public yet, but the use case was the following. There are three processes A, B, and C. All of them add the same match (same value). A is started first, then B, and lastly C. Now, B and C are closed: if B is closed before C, A's match is removed; but if C is closed before B, A's match is not removed (no buggy behaviour). (B and C call dbus_bus_remove_match on exit.)
Will schedule package update * Fri Dec 15 2006 David Zeuthen <davidz> - 1.0.1-7%{?dist} - CVE-2006-6107: D-Bus denial of service - Resolves: #219665
David: Probably the issue is fixed in dbus-1.0.1-12.fc6, right? Is there any reason for not closing this bug?