CVE-2014-3636

Priority
Medium
Description
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local
users to (1) cause a denial of service (prevention of new connections and
connection drop) by queuing the maximum number of file descriptors or (2)
cause a denial of service (disconnect) via multiple messages that combine
to have more than the allowed number of file descriptors for a single
sendmsg call.
References
Bugs
Notes
 mdeslaur> commit in 1.6 seems to have wrong header
 mdeslaur> only affects >= 1.3.0
Assigned-to
mdeslaur
Package
Source: dbus (LP Ubuntu Debian)
Upstream:released (1.6.24,1.8.8)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.6.18-0ubuntu4.2)
Patches:
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?id=6465e37c8ff70a714e302d0c9e6534fa6181fce6 (1.8)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=346da99f7620e6901e7c7babd4590fcc5aac32bf (1.6)
More Information

Updated: 2017-08-11 23:52:10 UTC (commit 13081)