D-Bus: Multiple Vulnerabilities — GLSA 201412-12

Multiple vulnerabilities have been found in D-Bus, possibly resulting in local Denial of Service.

Affected packages

Background

D-Bus is a message bus system, a simple way for applications to talk to one another.

Description

Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details.

Impact

A local attacker could possibly cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.8.10"
 

References

• CVE-2014-3477
• CVE-2014-3532
• CVE-2014-3533
• CVE-2014-3635
• CVE-2014-3636
• CVE-2014-3637
• CVE-2014-3638
• CVE-2014-3639
• CVE-2014-7824

Release date
December 13, 2014

Latest revision
December 13, 2014: 1

Severity
normal

Exploitable
local

Bugzilla entries

• 512940
• 516080
• 522982
• 528900