CVE-2014-3639
Published: 17 September 2014
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
Priority
Status
Package | Release | Status |
---|---|---|
dbus Launchpad, Ubuntu, Debian |
lucid |
Released
(1.2.16-2ubuntu4.8)
|
precise |
Released
(1.4.18-1ubuntu1.6)
|
|
trusty |
Released
(1.6.18-0ubuntu4.2)
|
|
upstream |
Released
(1.6.24,1.8.8)
|
|
Patches: upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?id=54d26df52b6a394bea175651d1d7ad2ab3f87dea upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?id=8ad179a8dad789fc6a5402780044bc0ec3d41115 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=a3477feb7aa8658602cceb8d29ae370a83002172 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=89219baab0bf6ff05142518110f45c8159be8092 |