CVE-2014-3532

Priority
Medium
Description
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux
2.6.37-rc4 or later, allows local users to cause a denial of service
(system-bus disconnect of other services or applications) by sending a
message containing a file descriptor, then exceeding the maximum recursion
depth before the initial message is forwarded.
References
Bugs
Notes
 mdeslaur> 1.3.0 and newer only
Assigned-to
mdeslaur
Package
Source: dbus (LP Ubuntu Debian)
Upstream:released (1.8.6-1, 1.8.6, 1.6.22)
Ubuntu 12.04 LTS (Precise Pangolin):released (1.4.18-1ubuntu1.5)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.6.18-0ubuntu4.1)
Patches:
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=9ca90648fc870c24d852ce6d7ce9387a9fc9a94a (1.8)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=8c7176019fbc2e8fee41d93ce82ac2603fe57d67 (1.6)
More Information

Updated: 2016-03-23 03:41:20 UTC (commit 10817)