PublicDateAtUSN: 2014-09-17
Candidate: CVE-2014-3638
PublicDate: 2014-09-22 15:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638
 http://www.openwall.com/lists/oss-security/2014/09/16/9
 https://ubuntu.com/security/notices/USN-2352-1
Description:
 The bus_connections_check_reply function in config-parser.c in D-Bus before
 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of
 service (CPU consumption) via a large number of method calls.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugs.freedesktop.org/show_bug.cgi?id=81053
Priority: medium
Discovered-by: Alban Crequy
Assigned-to: mdeslaur
CVSS: 

Patches_dbus:
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?id=5bc7f9519ebc6117ba300c704794b36b87c2194b (1.8)
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=6060aaa0ea1e9bbe1dd7a1864c8df52e333a45ee (1.6)
upstream_dbus: released (1.6.24,1.8.8)
lucid_dbus: released (1.2.16-2ubuntu4.8)
precise_dbus: released (1.4.18-1ubuntu1.6)
trusty_dbus: released (1.6.18-0ubuntu4.2)
trusty/esm_dbus: released (1.6.18-0ubuntu4.2)
devel_dbus: not-affected (1.8.8-1ubuntu1)