Project

General

Profile

Bug #3452

Bug #3448: dbus: security issues (CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639)

[v3.0] dbus: security issues (CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639)

Added by Alexander Belous over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
10/17/2014
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

Alban Crequy and Simon McVittie at Collabora Ltd. discovered and fixed several security flaws in the reference implementation of dbus-daemon, the D-Bus message bus daemon. fd.o #83622 is a heap overflow and could potentially be exploited to alter data or executable code; the rest are denial-of-service issues.

For the stable branch these are fixed in dbus 1.8.8.

For the old stable branch, these are fixed in dbus 1.6.24.

References:
http://seclists.org/oss-sec/2014/q3/616
https://bugs.freedesktop.org/show_bug.cgi?id=83622
https://bugs.freedesktop.org/show_bug.cgi?id=82820
https://bugs.freedesktop.org/show_bug.cgi?id=80559
https://bugs.freedesktop.org/show_bug.cgi?id=81053
https://bugs.freedesktop.org/show_bug.cgi?id=80919

Associated revisions

Revision c3b756f3 (diff)
Added by Natanael Copa over 4 years ago

main/dbus: security upgrade to 1.8.8 (CVE-2014-3635,CVE-2014-3636,CVE-2014-3637,CVE-2014-3638,CVE-2014-3639)

fixes #3452

History

#1 Updated by Natanael Copa over 4 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Natanael Copa over 4 years ago

  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF