A denial of service flaw was found in the way UNIX system D-BUS format string wrapper implementation of D-BUS, a system for sending messages between applications, used to measure the length of the provided format string and its arguments in certain circumstances. A remote attacker could supply a specially-crafted input to an application / service, utilizing the services / functionality of the libdbus library that, when processed would lead to that application / service crash.

References:
[1] http://www.openwall.com/lists/oss-security/2013/06/13/2

Relevant upstream patch:
[2] http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7
Original upstream report for the issue that led to introduction of this problem:
[3] https://bugs.freedesktop.org/show_bug.cgi?id=11668

Upstream patch that introduced the issue (dbus-1.4.16 and dbus-1.5.8):
[4] http://cgit.freedesktop.org/dbus/dbus/commit/?id=7fc9c026669976463adcd1e02ad19c582ed27289
This issue did NOT affect the versions of the dbus package, as shipped with Red Hat Enterprise Linux 5 and 6 (as they did not introduce the upstream change [4] yet).
--
This issue did NOT affect the version of the dbus package, as shipped with Fedora release of 17 (as it did not introduce the upstream change [4] yet).
--
This issue affects the version of the dbus package, as shipped with Fedora release of 18. Please schedule an update.
Created dbus tracking bugs for this issue

Affects: fedora-18 [bug 974128]
Statement: Not vulnerable. This issue did not affect the versions of dbus as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include the upstream commit 7fc9c026669976463adcd1e02ad19c582ed27289 that introduced this issue.
https://admin.fedoraproject.org/updates/dbus-1.6.12-1.fc19
dbus-1.6.12-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.