Advisories » MGASA-2014-0266

Updated dbus packages fix security vulnerability

Publication date: 18 Jun 2014
Modification date: 18 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3477

Description

Updated dbus packages fix security vulnerability:

A denial of service vulnerability in D-Bus before 1.6.20 allows a local
attacker to cause a bus-activated service that is not currently running
to attempt to start, and fail, denying other users access to this service
Additionally, in highly unusual environments the same flaw could lead to
a side channel between processes that should not be able to communicate
(CVE-2014-3477).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13513
• http://lists.freedesktop.org/archives/dbus/2014-June/016220.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477

SRPMS

4/core

• dbus-1.6.18-1.1.mga4

3/core

• dbus-1.6.8-4.2.mga3