CVE-2014-3639

Priority
Medium
Description
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not
properly close old connections, which allows local users to cause a denial
of service (incomplete connection consumption and prevention of new
connections) via a large number of incomplete connections.
References
Bugs
Assigned-to
mdeslaur
Package
Source: dbus (LP Ubuntu Debian)
Upstream:released (1.6.24,1.8.8)
Ubuntu 12.04 LTS (Precise Pangolin):released (1.4.18-1ubuntu1.6)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.6.18-0ubuntu4.2)
Patches:
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?id=54d26df52b6a394bea175651d1d7ad2ab3f87dea (1.8)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?id=8ad179a8dad789fc6a5402780044bc0ec3d41115 (1.8)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=a3477feb7aa8658602cceb8d29ae370a83002172 (1.6)
Upstream:http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=89219baab0bf6ff05142518110f45c8159be8092 (1.6)
More Information

Updated: 2016-03-23 03:41:21 UTC (commit 10817)