21 matches found
NewStart CGSL MAIN 6.02 : dbus Multiple Vulnerabilities (NS-SA-2022-0093)
The remote NewStart CGSL host, running version MAIN 6.02, has dbus packages installed that are affected by multiple vulnerabilities: - Unspecified vulnerability in the matchruleequal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other...
Mageia: Security Advisory (MGASA-2014-0395)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP1 : dbus (EulerOS-SA-2016-1037)
According to the versions of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a...
Fedora Update for dbus FEDORA-2015-2007
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for dbus FEDORA-2014-16147
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : mingw-dbus-1.6.28-1.fc20 (2014-17570)
Update to 1.8.12\r\n Fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Fedora Update for dbus FEDORA-2014-16227
Check the version of dbus SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868618";...
Fedora 21 : dbus-1.8.12-1.fc21 (2014-16147)
Update to 1.8.12 1168438 - Fixes CVE-2014-3635 fd.o83622 - Fixes CVE-2014-3636 fd.o82820 - Fixes CVE-2014-3637 fd.o80559 - Fixes CVE-2014-3638 fd.o81053 - Fixes CVE-2014-3639 fd.o80919 - Fixes CVE-2014-7824 fd.o85105 Note that Tenable Network Security has extracted the preceding description block...
Fedora 20 : dbus-1.6.28-1.fc20 (2014-16243)
Update to 1.6.28 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...
Fedora Update for dbus FEDORA-2014-16243
Check the version of dbus SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868585";...
openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1239-1)
The DBUS-1 service and libraries were updated to upstream release 1.6.24 fixing security issues and bugs. Upstream changes since dbus 1.6.8 + Security fixes - Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun. CVE-2014-3635, fdo83622; Sim...
openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1228-1)
DBUS-1 was upgraded to upstream release 1.8. This brings the version of dbus to the latest stable release from an unstable snapshot 1.7.4 that is know to have several regressions - Upstream changes since 1.7.4 : + Security fixes : - Do not accept an extra fd in the padding of a cmsg message, whic...
Ubuntu: Security Advisory (USN-2352-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : DBus vulnerabilities (USN-2352-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2352-1 advisory. Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash,...
USN-2352-1: DBus vulnerabilities
Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS...
CVE-2014-3635
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the maxmessageunixfds limit is set to an odd number, allows local users to cause a denial of service dbus-daemon crash or possibly execute arbitrary code by sending one more fil...
CVE-2014-3635
CVE-2014-3635 is an off-by-one vulnerability in D-Bus affecting 64-bit systems when max_message_unix_fds is odd, allowing local users to crash dbus-daemon or potentially execute code by sending one more file descriptor than the limit. It affects D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x b...
[SECURITY] [DSA 3026-1] dbus security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3026-1 [email protected] http://www.debian.org/security/ Florian Weimer September 16, 2014 http://www.debian.org/security/faq -...
FreeBSD : dbus -- multiple vulnerabilities (38242d51-3e58-11e4-ac2f-bcaec565249c)
Simon McVittie reports : Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun CVE-2014-3635. Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections...
Debian DSA-3026-1 : dbus - security update
Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon. - CVE-2014-3635 On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution. -...