CVE-2014-3533

Published: 02 July 2014

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

Priority

Medium

Status

Package Release Status
dbus
Launchpad, Ubuntu, Debian
Upstream
Released (1.8.6-1, 1.8.6, 1.6.22)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.6.18-0ubuntu4.1)
Patches:
Upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=07f4c12efe3b9bd45d109bc5fbaf6d9dbf69d78e (1.8)
Upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=b9c338e32390f953d4c9772daef31187a117b376 (1.6)