PublicDateAtUSN: 2014-07-02
Candidate: CVE-2014-3532
PublicDate: 2014-07-19 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532
 http://openwall.com/lists/oss-security/2014/07/02/4
 https://ubuntu.com/security/notices/USN-2275-1
Description:
 dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux
 2.6.37-rc4 or later, allows local users to cause a denial of service
 (system-bus disconnect of other services or applications) by sending a
 message containing a file descriptor, then exceeding the maximum recursion
 depth before the initial message is forwarded.
Ubuntu-Description:
Notes:
 mdeslaur> 1.3.0 and newer only
Bugs:
 https://bugs.freedesktop.org/show_bug.cgi?id=80163
Priority: medium
Discovered-by: Alban Crequy
Assigned-to: mdeslaur
CVSS: 

Patches_dbus:
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=9ca90648fc870c24d852ce6d7ce9387a9fc9a94a (1.8)
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=8c7176019fbc2e8fee41d93ce82ac2603fe57d67 (1.6)
upstream_dbus: released (1.8.6-1, 1.8.6, 1.6.22)
lucid_dbus: not-affected (1.2.16-2ubuntu4.7)
precise_dbus: released (1.4.18-1ubuntu1.5)
saucy_dbus: released (1.6.12-0ubuntu10.1)
trusty_dbus: released (1.6.18-0ubuntu4.1)
trusty/esm_dbus: released (1.6.18-0ubuntu4.1)
devel_dbus: released (1.6.18-0ubuntu9)