DebianDEBIAN:DLA-87-1:B379F[SECURITY] [DLA 87-1] dbus security update
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.2%
Package : dbus
Version : 1.2.24-4+squeeze3
CVE ID : CVE-2014-3477 CVE-2014-3638 CVE-2014-3639
This updates fixes multiple (local) denial of services discovered by Alban
Crequy and Simon McVittie.
CVE-2014-3477
Fix a denial of service (failure to obtain bus name) in
newly-activated system services that not all users are allowed to
access.
CVE-2014-3638
Reduce maximum number of pending replies per connection to avoid
algorithmic complexity denial of service.
CVE-2014-3639
The daemon now limits the number of unauthenticated connection slots
so that malicious processes cannot prevent new connections to the
system bus.
–
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 6 | all | dbus-x11 | < 1.2.24-4+squeeze3 | dbus-x11_1.2.24-4+squeeze3_all.deb |
| Debian | 6 | all | libdbus-1-dev | < 1.2.24-4+squeeze3 | libdbus-1-dev_1.2.24-4+squeeze3_all.deb |
| Debian | 6 | all | dbus-1-dbg | < 1.2.24-4+squeeze3 | dbus-1-dbg_1.2.24-4+squeeze3_all.deb |
| Debian | 6 | all | dbus-1-doc | < 1.2.24-4+squeeze3 | dbus-1-doc_1.2.24-4+squeeze3_all.deb |
| Debian | 6 | all | dbus | < 1.2.24-4+squeeze3 | dbus_1.2.24-4+squeeze3_all.deb |
| Debian | 6 | all | libdbus-1-3 | < 1.2.24-4+squeeze3 | libdbus-1-3_1.2.24-4+squeeze3_all.deb |
Related
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.2%