PublicDateAtUSN: 2014-07-02
Candidate: CVE-2014-3533
PublicDate: 2014-07-19 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533
 http://openwall.com/lists/oss-security/2014/07/02/4
 https://ubuntu.com/security/notices/USN-2275-1
Description:
 dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause
 a denial of service (disconnect) via a certain sequence of crafted messages
 that cause the dbus-daemon to forward a message containing an invalid file
 descriptor.
Ubuntu-Description:
Notes:
 mdeslaur> 1.3.0 and newer only
Bugs:
 https://bugs.freedesktop.org/show_bug.cgi?id=80469
Priority: medium
Discovered-by: Alban Crequy
Assigned-to: mdeslaur
CVSS: 

Patches_dbus:
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=07f4c12efe3b9bd45d109bc5fbaf6d9dbf69d78e (1.8)
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=b9c338e32390f953d4c9772daef31187a117b376 (1.6)
upstream_dbus: released (1.8.6-1, 1.8.6, 1.6.22)
lucid_dbus: not-affected (1.2.16-2ubuntu4.7)
precise_dbus: released (1.4.18-1ubuntu1.5)
saucy_dbus: released (1.6.12-0ubuntu10.1)
trusty_dbus: released (1.6.18-0ubuntu4.1)
trusty/esm_dbus: released (1.6.18-0ubuntu4.1)
devel_dbus: released (1.6.18-0ubuntu9)