advisories/10520.adv

type: security
subject: Updated dbus packages fix security vulnerability
CVE:
 - CVE-2013-2168
src:
  2:
   core:
     - dbus-1.4.16-5.2.mga2
  3:
   core:
     - dbus-1.6.8-4.1.mga3
description: |
  Alexandru Cornea discovered a vulnerability in libdbus caused by an
  implementation bug in _dbus_printf_string_upper_bound(). This
  vulnerability can be exploited by a local user to crash system services
  that use libdbus, causing denial of service. Depending on the dbus
  services running, it could lead to complete system crash (CVE-2013-2168).

  This problem only currently appears to affect the x86_64 version of Mageia
  but we advise that all systems should be updated.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=10520
 - http://www.debian.org/security/2013/dsa-2707
ID: MGASA-2013-0173
1	boklm	29	type: security
2			subject: Updated dbus packages fix security vulnerability
3			CVE:
4			- CVE-2013-2168
5			src:
6			2:
7			core:
8			- dbus-1.4.16-5.2.mga2
9			3:
10			core:
11			- dbus-1.6.8-4.1.mga3
12			description: \|
13			Alexandru Cornea discovered a vulnerability in libdbus caused by an
14			implementation bug in _dbus_printf_string_upper_bound(). This
15			vulnerability can be exploited by a local user to crash system services
16			that use libdbus, causing denial of service. Depending on the dbus
17			services running, it could lead to complete system crash (CVE-2013-2168).
18
19			This problem only currently appears to affect the x86_64 version of Mageia
20			but we advise that all systems should be updated.
21			references:
22			- https://bugs.mageia.org/show_bug.cgi?id=10520
23			- http://www.debian.org/security/2013/dsa-2707
24	boklm	38	ID: MGASA-2013-0173