Advisories ยป MGASA-2014-0294

Updated dbus packages fix multiple vulnerabilities

Publication date: 26 Jul 2014
Modification date: 26 Jul 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3532 , CVE-2014-3533

Description

Updated dbus packages fix security vulnerabilities:

A flaw was reported in D-Bus's file descriptor passing feature. A local
attacker could use this flaw to cause a service or application to disconnect
from the bus, typically resulting in that service or application exiting
(CVE-2014-3532).

A flaw was reported in D-Bus's file descriptor passing feature. A local
attacker could use this flaw to cause an invalid file descriptor to be
forwarded to a service or application, causing it to disconnect from the bus,
typically resulting in that service or application exiting (CVE-2014-3533).
                

References

SRPMS

3/core

4/core