~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2014-11-18
Candidate: CVE-2014-7824
PublicDate: 2014-11-18
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7824
 https://bugs.freedesktop.org/show_bug.cgi?id=85105
 http://xforce.iss.net/xforce/xfdb/98576
 http://www.openwall.com/lists/oss-security/2014/11/10/2
 http://www.ubuntu.com/usn/usn-2425-1
Description:
 D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x
 before 1.9.2 allows local users to cause a denial of service (prevention of
 new connections and connection drop) by queuing the maximum number of file
 descriptors.  NOTE: this vulnerability exists because of an incomplete fix
 for CVE-2014-3636.1.
Ubuntu-Description:
Notes:
 mdeslaur> also should include regression fix for CVE-2014-3639:
 mdeslaur> https://bugs.freedesktop.org/show_bug.cgi?id=86431
Bugs:
 https://bugs.freedesktop.org/show_bug.cgi?id=85105
Priority: medium
Discovered-by:
Assigned-to: mdeslaur

Patches_dbus:
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=68cb9ead957314b30e604018f2dd5b0fc3b2127c (1.6)
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=4e466446d27f1a3991c22307a47a81c9e93e530d (1.8)
upstream_dbus: released (1.6.26, 1.8.10-1)
lucid_dbus: not-affected (1.2.16-2ubuntu4.7)
precise_dbus: released (1.4.18-1ubuntu1.7)
trusty_dbus: released (1.6.18-0ubuntu4.3)
utopic_dbus: released (1.8.8-1ubuntu2.1)
devel_dbus: released (1.8.8-2ubuntu2)