Debian: DSA-2971-1: dbus security update

    Date: 02 Jul 2014
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-2971-1
    http://www.debian.org/security/                      Salvatore Bonaccorso
    July 02, 2014                          http://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : dbus
    CVE ID         : CVE-2014-3477 CVE-2014-3532 CVE-2014-3533
    
    Several vulnerabilities have been discovered in dbus, an asynchronous
    inter-process communication system. The Common Vulnerabilities and
    Exposures project identifies the following problems:
    
    CVE-2014-3477
    
        Alban Crequy at Collabora Ltd. discovered that dbus-daemon sends an
        AccessDenied error to the service instead of a client when the
        client is prohibited from accessing the service. A local attacker
        could use this flaw to cause a bus-activated service that is not
        currently running to attempt to start, and fail, denying other users
        access to this service.
    
    CVE-2014-3532
    
        Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's
        support for file descriptor passing. A malicious process could force
        system services or user applications to be disconnected from the
        D-Bus system by sending them a message containing a file descriptor,
        leading to a denial of service.
    
    CVE-2014-3533
    
        Alban Crequy at Collabora Ltd. and Alejandro Martinez Suarez
        discovered that a malicious process could force services to be
        disconnected from the D-Bus system by causing dbus-daemon to attempt
        to forward invalid file descriptors to a victim process, leading to
        a denial of service.
    
    For the stable distribution (wheezy), these problems have been fixed in
    version 1.6.8-1+deb7u3.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 1.8.6-1.
    
    We recommend that you upgrade your dbus packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/
    