CVE-2014-3638

Published: 17 September 2014

The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.

Priority

Status

Package	Release	Status
dbus Launchpad, Ubuntu, Debian	lucid	Released (1.2.16-2ubuntu4.8)
	precise	Released (1.4.18-1ubuntu1.6)
	trusty	Released (1.6.18-0ubuntu4.2)
	upstream	Released (1.6.24,1.8.8)
	Patches: upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?id=5bc7f9519ebc6117ba300c704794b36b87c2194b upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=6060aaa0ea1e9bbe1dd7a1864c8df52e333a45ee

References

http://www.openwall.com/lists/oss-security/2014/09/16/9
https://ubuntu.com/security/notices/USN-2352-1
https://www.cve.org/CVERecord?id=CVE-2014-3638
NVD
Launchpad
Debian

Bugs

https://bugs.freedesktop.org/show_bug.cgi?id=81053

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›