~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2014-07-02
Candidate: CVE-2014-3533
PublicDate: 2014-07-19
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533
 http://openwall.com/lists/oss-security/2014/07/02/4
 http://www.ubuntu.com/usn/usn-2275-1
Description:
 dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause
 a denial of service (disconnect) via a certain sequence of crafted messages
 that cause the dbus-daemon to forward a message containing an invalid file
 descriptor.
Ubuntu-Description:
Notes:
 mdeslaur> 1.3.0 and newer only
Bugs:
 https://bugs.freedesktop.org/show_bug.cgi?id=80469
Priority: medium
Discovered-by: Alban Crequy
Assigned-to: mdeslaur

Patches_dbus:
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=07f4c12efe3b9bd45d109bc5fbaf6d9dbf69d78e (1.8)
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=b9c338e32390f953d4c9772daef31187a117b376 (1.6)
upstream_dbus: released (1.8.6-1, 1.8.6, 1.6.22)
lucid_dbus: not-affected (1.2.16-2ubuntu4.7)
precise_dbus: released (1.4.18-1ubuntu1.5)
saucy_dbus: released (1.6.12-0ubuntu10.1)
trusty_dbus: released (1.6.18-0ubuntu4.1)
devel_dbus: released (1.6.18-0ubuntu9)