The vulnerability of the D-Bus inter-process communication system, related to memory corruption after deallocation, allows a malicious actor to trigger a service failure.

The vulnerability of the D-Bus inter-process communication mechanism is related to a memory usage error that occurs after freeing memory, caused by messages with non-sequential byte orders and Unix file descriptors. Exploiting this vulnerability can allow an attacker to cause service failures...

Updated dbus packages fix security vulnerability

A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical...

FreeBSD : dbus -- multiple vulnerabilities (38242d51-3e58-11e4-ac2f-bcaec565249c)

Simon McVittie reports : Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun CVE-2014-3635. Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections...

dbus -- multiple vulnerabilities

Simon McVittie reports: Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun CVE-2014-3635. Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections...