=====================================================================
                            CERT-Renater

                  Information Note No. 2011/VULN047
_____________________________________________________________________

DATE                 : 21/01/2011

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Debian running dbus versions prior to
                       1.2.1-5+lenny2, 1.2.24-4.

======================================================================
http://lists.debian.org/debian-security-announce/2011/msg00013.html
______________________________________________________________________

- - ---------------------------------------------------------------------------
Debian Security Advisory DSA-2149-1                     security@debian.org
http://www.debian.org/security/                                  Nico Golde
January 20, 2011                         http://www.debian.org/security/faq
- - ---------------------------------------------------------------------------

Package        : dbus
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
Debian bug     : none
CVE ID         : CVE-2010-4352

Rémi Denis-Courmont discovered that dbus, a message bus application,
is not properly limiting the nesting level when examining messages with
extensive nested variants. This allows an attacker to crash the dbus system
daemon due to a call stack overflow via crafted messages.

For the stable distribution (lenny), this problem has been fixed in
version 1.2.1-5+lenny2.

For the testing distribution (squeeze), this problem has been fixed in
version 1.2.24-4.

For the unstable distribution (sid), this problem has been fixed in
version 1.2.24-4.

We recommend that you upgrade your dbus packages.

Mailing list: debian-security-announce@lists.debian.org

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel  | fax  : 01-53-94-20-41           +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================
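
The kind of nesting limit whose absence DSA-2149-1 describes, shown as an added example; this is not code from dbus or from the advisory. It validates a simplified subset of the D-Bus wire format (a variant holding either a byte 'y' or another variant 'v'), and the names validate_variant, check_nested and the cap MAX_VARIANT_DEPTH are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_VARIANT_DEPTH 64 /* assumed cap for this example, not dbus's constant */

enum vresult { V_OK = 0, V_TRUNCATED, V_BAD_SIGNATURE, V_TOO_DEEP };

/* Validates one variant at buf[*pos] and advances *pos past it.
   Layout: 1-byte signature length, signature, NUL, then the value. */
static enum vresult validate_variant(const uint8_t *buf, size_t len,
                                     size_t *pos, unsigned depth)
{
    if (depth > MAX_VARIANT_DEPTH)      /* refuse before recursing further */
        return V_TOO_DEEP;
    if (len - *pos < 3)                 /* invariant: *pos <= len */
        return V_TRUNCATED;
    if (buf[*pos] != 1 || buf[*pos + 2] != 0)
        return V_BAD_SIGNATURE;         /* subset: single-type signatures only */
    uint8_t type = buf[*pos + 1];
    *pos += 3;
    if (type == 'v')                    /* nested variant: one level deeper */
        return validate_variant(buf, len, pos, depth + 1);
    if (type != 'y')
        return V_BAD_SIGNATURE;
    if (*pos >= len)
        return V_TRUNCATED;
    *pos += 1;                          /* consume the byte value */
    return V_OK;
}

/* Builds a constructed body of n nested variants (n-1 of type 'v', the
   innermost holding one byte) and returns the validation result. */
static enum vresult check_nested(size_t n)
{
    size_t len = 3 * n + 1, pos = 0;
    uint8_t *buf = malloc(len);
    if (!buf) return V_TRUNCATED;
    for (size_t i = 0; i < n; i++) {
        buf[3 * i] = 1;
        buf[3 * i + 1] = (i + 1 < n) ? 'v' : 'y';
        buf[3 * i + 2] = 0;
    }
    buf[len - 1] = 0x2a;
    enum vresult r = validate_variant(buf, len, &pos, 1);
    free(buf);
    return r;
}

int main(void) { printf("%d %d\n", check_nested(64), check_nested(65)); return 0; }
```

Without the depth check at the top of validate_variant, the recursion depth is set entirely by the sender of the message, which is the condition the advisory reports.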