[v3.0] dbus: security issues (CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639)
Alban Crequy and Simon McVittie at Collabora Ltd. discovered and fixed several security flaws in the reference implementation of dbus-daemon, the D-Bus message bus daemon. fd.o #83622 is a heap overflow and could potentially be exploited to alter data or executable code; the rest are denial-of-service issues.
For the stable branch these are fixed in dbus 1.8.8.
For the old stable branch, these are fixed in dbus 1.6.24.
References:
http://seclists.org/oss-sec/2014/q3/616
https://bugs.freedesktop.org/show_bug.cgi?id=83622
https://bugs.freedesktop.org/show_bug.cgi?id=82820
https://bugs.freedesktop.org/show_bug.cgi?id=80559
https://bugs.freedesktop.org/show_bug.cgi?id=81053
https://bugs.freedesktop.org/show_bug.cgi?id=80919
(from redmine: issue id 3452, created on 2014-10-17, closed on 2014-10-23)
- Relations:
- parent #3448 (closed)
- Changesets:
- Revision c3b756f3 by Natanael Copa on 2014-10-22T14:54:24Z:
main/dbus: security upgrade to 1.8.8 (CVE-2014-3635,CVE-2014-3636,CVE-2014-3637,CVE-2014-3638,CVE-2014-3639)
fixes #3452