CVE-2014-3637

Priority
Medium
Description
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not
properly close connections for processes that have terminated, which allows
local users to cause a denial of service via a D-bus message containing a
D-Bus connection file descriptor.
References
Bugs
Notes
 mdeslaur> only affects >= 1.3.0
Assigned-to
mdeslaur
Package
Source: dbus (LP Ubuntu Debian)
Upstream:released (1.6.24,1.8.8)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.6.18-0ubuntu4.2)
Patches:
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?id=bbf11cd5f92064c7c8af61ad4d9ff41f3a039abc (1.8)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?id=995734750cea65012537748ee56488c707d2f027 (1.8)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?id=8021fd84267ee1394d96f4a119adb57de3971a62 (1.8)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?id=e0c9d31be3b9eea9ee2a3a255bc2cf9aad713642 (1.8)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=e17a921be676bcc89373ec1a9f368fe8b36f1073 (1.6)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=52abb5172f7426bb3f1dbe63a2b3a2d2ea7e7ac2 (1.6)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=01e32d6ddcfdcbd63cf1c8053f6e5d2ffdfbaa91 (1.6)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=b027c421de0bc3858cc1139149c613958100c2bd (1.6)
More Information

Updated: 2017-08-11 23:52:10 UTC (commit 13081)