
[SECURITY] [DLA 87-1] dbus security update

Package        : dbus
Version        : 1.2.24-4+squeeze3
CVE ID         : CVE-2014-3477 CVE-2014-3638 CVE-2014-3639

This update fixes multiple (local) denial-of-service issues discovered by Alban
Crequy and Simon McVittie.


    Fix a denial of service (failure to obtain bus name) in
    newly-activated system services that not all users are allowed to


    Reduce maximum number of pending replies per connection to avoid
    algorithmic complexity denial of service.


    The daemon now limits the number of unauthenticated connection slots
    so that malicious processes cannot prevent new connections to the
    system bus.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
