| Summary: | <sys-apps/dbus-1.8.16: denial of service in dbus >= 1.4 systemd activation (CVE-2015-0245) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | freedesktop-bugs |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2015/02/09/6 | | |
| Whiteboard: | A3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2015-02-09 16:38:53 UTC

10 Feb 2015; Kristian Fiskerstrand <k_f@gentoo.org> +dbus-1.8.16.ebuild: Security bump for #539482. Proxy commit for ssuominen.

Arches, please stabilize:
=sys-apps/dbus-1.8.16
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA.

amd64 stable

x86 stable

CVE-2015-0245 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0245): D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.

sparc stable

arm stable

ppc64 stable

ppc stable

ia64 stable

alpha stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Arches, Thank you for your work. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s).

+ 28 Feb 2015; Kristian Fiskerstrand <k_f@gentoo.org> -dbus-1.8.10.ebuild, + -dbus-1.8.12.ebuild: + Security cleanup for bug #539482

This issue was resolved and addressed in GLSA 201503-02 at http://security.gentoo.org/glsa/glsa-201503-02.xml by GLSA coordinator Sergey Popov (pinkbyte).