CVE-2014-3533

Priority
Medium
Description
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause
a denial of service (disconnect) via a certain sequence of crafted messages
that cause the dbus-daemon to forward a message containing an invalid file
descriptor.
References
Bugs
Notes
mdeslaur> 1.3.0 and newer only
Assigned-to
mdeslaur
Package
Source: dbus (LP Ubuntu Debian)
Upstream:released (1.8.6-1, 1.8.6, 1.6.22)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (1.2.16-2ubuntu4.7)
Ubuntu 12.04 LTS (Precise Pangolin):released (1.4.18-1ubuntu1.5)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.6.18-0ubuntu4.1)
Ubuntu 14.10 (Utopic Unicorn):released (1.6.18-0ubuntu9)
Patches:
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=07f4c12efe3b9bd45d109bc5fbaf6d9dbf69d78e (1.8)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=b9c338e32390f953d4c9772daef31187a117b376 (1.6)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-07-23 19:14:32 UTC (commit 8271)