CVE-2014-3532

Published: 02 July 2014

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.

Priority

Medium

Status

Package: dbus
  Upstream: Released (1.8.6-1, 1.8.6, 1.6.22)
  Ubuntu 14.04 ESM (Trusty Tahr): Released (1.6.18-0ubuntu4.1)
Patches:
Upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=9ca90648fc870c24d852ce6d7ce9387a9fc9a94a (1.8)
Upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=8c7176019fbc2e8fee41d93ce82ac2603fe57d67 (1.6)