Updated dbus packages fix multiple vulnerabilities
Publication date: 26 Jul 2014Modification date: 26 Jul 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3532 , CVE-2014-3533
Description
Updated dbus packages fix security vulnerabilities:
A flaw was reported in D-Bus's file descriptor passing feature. A local
attacker could use this flaw to cause a service or application to disconnect
from the bus, typically resulting in that service or application exiting
(CVE-2014-3532).
A flaw was reported in D-Bus's file descriptor passing feature. A local
attacker could use this flaw to cause an invalid file descriptor to be
forwarded to a service or application, causing it to disconnect from the bus,
typically resulting in that service or application exiting (CVE-2014-3533).
References
- http://lists.freedesktop.org/archives/dbus/2014-July/016235.html
- https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135226.html
- https://bugs.mageia.org/show_bug.cgi?id=13653
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533
SRPMS
3/core
- dbus-1.6.8-4.4.mga3
4/core
- dbus-1.6.18-1.3.mga4