CVE-2014-3636

Published: 17 September 2014

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.

Priority

Medium

Status

Package Release Status
dbus
Launchpad, Ubuntu, Debian
Upstream
Released (1.6.24,1.8.8)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.6.18-0ubuntu4.2)
Patches:
Upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?id=6465e37c8ff70a714e302d0c9e6534fa6181fce6 (1.8)
Upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=346da99f7620e6901e7c7babd4590fcc5aac32bf (1.6)