dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.6.18-0ubuntu4.1", "binary_name": "dbus" }, { "binary_version": "1.6.18-0ubuntu4.1", "binary_name": "dbus-1-dbg" }, { "binary_version": "1.6.18-0ubuntu4.1", "binary_name": "dbus-1-doc" }, { "binary_version": "1.6.18-0ubuntu4.1", "binary_name": "dbus-x11" }, { "binary_version": "1.6.18-0ubuntu4.1", "binary_name": "libdbus-1-3" }, { "binary_version": "1.6.18-0ubuntu4.1", "binary_name": "libdbus-1-dev" } ] }