Package : dbus Version : 1.2.24-4+squeeze3 CVE ID : CVE-2014-3477 CVE-2014-3638 CVE-2014-3639 This updates fixes multiple (local) denial of services discovered by Alban Crequy and Simon McVittie. CVE-2014-3477 Fix a denial of service (failure to obtain bus name) in newly-activated system services that not all users are allowed to access. CVE-2014-3638 Reduce maximum number of pending replies per connection to avoid algorithmic complexity denial of service. CVE-2014-3639 The daemon now limits the number of unauthenticated connection slots so that malicious processes cannot prevent new connections to the system bus. -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature