Debian Security Advisory 3026-1

Debian Security Advisory 3026-1: Posted Sep 17, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3026-1 - Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639; SHA-256 | 33bf84d9f10ca8350a51545c2b108e19d75aedf8a3c9887089bcbb7f0eca8d72; Download | Favorite | View

Debian Security Advisory 3026-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3026-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
September 16, 2014                     http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dbus
CVE ID         : CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 
                 CVE-2014-3639

Alban Crequy and Simon McVittie discovered several vulnerabilities in
the D-Bus message daemon.

CVE-2014-3635

    On 64-bit platforms, file descriptor passing could be abused by
    local users to cause heap corruption in the dbus-daemon crash,
    leading to a crash, or potentially to arbitrary code execution.

CVE-2014-3636

    A denial-of-service vulnerability in dbus-daemon allowed local
    attackers to prevent new connections to dbus-daemon, or disconnect
    existing clients, by exhausting descriptor limits.

CVE-2014-3637

    Malicious local users could create D-Bus connections to
    dbus-daemon which could not be terminated by killing the
    participating processes, resulting in a denial-of-service
    vulnerability.

CVE-2014-3638

    dbus-daemon suffered from a denial-of-service vulnerability in the
    code which tracks which messages expect a reply, allowing local
    attackers to reduce the performance of dbus-daemon.

CVE-2014-3639

    dbus-daemon did not properly reject malicious connections from
    local users, resulting in a denial-of-service vulnerability.

For the stable distribution (wheezy), these problems have been fixed in
version 1.6.8-1+deb7u4.

For the unstable distribution (sid), these problems have been fixed in
version 1.8.8-1.

We recommend that you upgrade your dbus packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJUGIrzAAoJEL97/wQC1SS+bgAH/2v7suJ3q6QQ9r8dpK3wlYtC
n6DrrqHvzECB0oEro51cvkHY9cl8HSYlKZoRXdbluEaHGCu+8f/IZ0aQIC2hkz1e
Cqh62l4Gzo+CZRmnDk4oTi2PcqnEXkIJgOo7pEDT4C9+4c5sF+vbLkAJ+x4VoRbf
eneYNgwIPGh8pyvw9VrMzTJAE81j5fZC5g6jxFfQCCOfo6IZlxKhn+d5XCElDz1f
yO4oeczxOkH0oHUo0Jo6Kd2RllbTbO9F+f2PVTOPRAvr1yqEj1zRtll0kA2vXZ0p
13pcZd3F/AWYDF8O5slOPZulx8GmVDETir2Jd8bPCduv7C4DPN9x8MA2IoYV668=
=Cvxc
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 3026-1

Debian Security Advisory 3026-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3026-1

Share This

Debian Security Advisory 3026-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems