Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local user can use this issue to possibly deny access to the service. (CVE-2014-3477)
Alban Crequy discovered that dbus-daemon incorrectly handled certain file descriptors. A local attacker could use this issue to cause services or clients to disconnect, resulting in a denial of service. (CVE-2014-3532, CVE-2014-3533)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.6.18-0ubuntu4.1", "binary_name": "dbus" }, { "binary_version": "1.6.18-0ubuntu4.1", "binary_name": "dbus-1-dbg" }, { "binary_version": "1.6.18-0ubuntu4.1", "binary_name": "dbus-1-doc" }, { "binary_version": "1.6.18-0ubuntu4.1", "binary_name": "dbus-x11" }, { "binary_version": "1.6.18-0ubuntu4.1", "binary_name": "libdbus-1-3" }, { "binary_version": "1.6.18-0ubuntu4.1", "binary_name": "libdbus-1-dev" } ] }