You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa dbus

Sigurnosni nedostaci programskog paketa dbus

==========================================================================
Ubuntu Security Notice USN-2275-1
July 08, 2014

dbus vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in DBus.

Software Description:
– dbus: simple interprocess messaging system

Details:

Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied
errors to the service instead of the client when enforcing permissions. A
local user can use this issue to possibly deny access to the service.
(CVE-2014-3477)

Alban Crequy discovered that dbus-daemon incorrectly handled certain file
descriptors. A local attacker could use this issue to cause services or
clients to disconnect, resulting in a denial of service. (CVE-2014-3532,
CVE-2014-3533)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
dbus 1.6.18-0ubuntu4.1
libdbus-1-3 1.6.18-0ubuntu4.1

Ubuntu 13.10:
dbus 1.6.12-0ubuntu10.1
libdbus-1-3 1.6.12-0ubuntu10.1

Ubuntu 12.04 LTS:
dbus 1.4.18-1ubuntu1.5
libdbus-1-3 1.4.18-1ubuntu1.5

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2275-1
CVE-2014-3477, CVE-2014-3532, CVE-2014-3533

Package Information:
https://launchpad.net/ubuntu/+source/dbus/1.6.18-0ubuntu4.1
https://launchpad.net/ubuntu/+source/dbus/1.6.12-0ubuntu10.1
https://launchpad.net/ubuntu/+source/dbus/1.4.18-1ubuntu1.5

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTvC4dAAoJEGVp2FWnRL6TQ1QP/1OqMnMj9N9mzHUfHpZpFdWF
os8IW2v6HnG11VMXefWrlyTQskZ3YLUBVUSSlwWmlueArEBn4MP7T36BJtOD/7K5
p827HmxK/lAAsb/xJ7vIx+TM+qRHKWmuYUnvQ4TWjA5YDxl44XXmQCikNMs0SCDs
xGyyORqqlndfu/l2UC64ylaRayKlkpI5XxqGJGLvHpMq75LPcOzzr2UOkafSKjeZ
Qdc3Q2QG7OIROC1T34LB+WpAOo81Y6izzvw25jqHmxKHJ4iOK7g0AL4Ld891UVa6
De5CrCCETVNSA7z+1FQechZEQ+8m3WsiUlXtmzvMbZevI7xLh3JXB/bBUatb+wwP
2JaQZV0nevgfd0hcFAe8pZd3tS6fReACB33RPbvOK71Q4bXcaQxUwCtjISfJkAWV
lyO/AI4Q08yu7BQH+KL95EZlC9stYesYKu6Tnwda9gfmQBEdTku58VIlW1V6QRm/
FmRex/6QgxMu4vj02RDimf2HHDGkT/TxLD56p1dy4+YCxW8w54/FuZ5fQn4kl8V6
0YgXYnFrwQ0HP4PNRL6FW012T7qEt6fB/l/M+OuOu6eAU0AD3lEGKBUVllff279V
laN1WcZgdKAcEa4b7KCOBF9YzcNckQReSPELQzS7RxHGvv3QEhBImrn+W9yxh3P0
PLHFT4t2iwsrFnGOhAKs
=1kzg
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci u jezgri operacijskog sustava

Otkriveni su sigurnosni nedostaci u jezgri operacijskog sustava FreeBSD. Otkriveni nedostaci potencijalnim napadačima omogućuju dohvaćanje dijelova rezervirane memorije operacijskog sustava....

Close