[v3.0] dbus: DoS in systemd activation (CVE-2015-0245)
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
http://www.openwall.com/lists/oss-security/2015/02/09/6
http://www.debian.org/security/2015/dsa-3161
http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html
http://seclists.org/oss-sec/2015/q1/480
(from redmine: issue id 3984, created on 2015-03-16, closed on 2015-03-17)
- Relations:
- parent #3981 (closed)
- Changesets:
- Revision e2aa718a by Natanael Copa on 2015-03-17T08:32:23Z:
main/dbus: security upgrade to 1.8.16 (CVE-2015-0245)
fixes #3984