Bug 907975 (CVE-2023-34969) - <sys-apps/dbus-1.15.6[debug]: Crash when assertions are enabled with monitoring connection
Alias: CVE-2023-34969
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: C3 [glsa? cleanup]
Depends on: 910512
Reported: 2023-06-07 08:02 UTC by Sam James
Modified: 2023-08-02 05:42 UTC
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-06-07 08:02:04 UTC
+dbus 1.15.6 (2023-06-06)
+Denial-of-service fixes:
+• Fix an assertion failure in dbus-daemon when a privileged Monitoring
+  connection (dbus-monitor, busctl monitor, gdbus monitor or similar)
+  is active, and a message from the bus driver cannot be delivered to a
+  client connection due to <deny> rules or outgoing message quota. This
+  is a denial of service if triggered maliciously by a local attacker.
+  (dbus#457; hongjinghao, Simon McVittie)
Comment 1 Larry the Git Cow gentoo-dev 2023-06-07 08:14:20 UTC
The bug has been referenced in the following commit(s):

commit 019441ca69cd9026020e0af5b5d4a77e12fcce06
Author:     Sam James <>
AuthorDate: 2023-06-07 07:58:48 +0000
Commit:     Sam James <>
CommitDate: 2023-06-07 08:14:06 +0000

    sys-apps/dbus: add 1.15.6
    Signed-off-by: Sam James <>

 sys-apps/dbus/Manifest           |   1 +
 sys-apps/dbus/dbus-1.15.6.ebuild | 302 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 303 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-09 03:32:07 UTC
CVE-2023-34969 (

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
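
A branch-aware version check for the fixed releases named in the CVE text above, as an added example that is not part of the bug report or of the dbus project. The function names, the inventory format and the sample strings are constructed for illustration; treating a version on a branch with no listed fixed release as affected when it is below 1.15.6 is an assumption drawn from the "before 1.15.6" wording.

```python
import re

# Fixed micro release per stable/development branch, from the CVE description.
FIXED_MICRO = {(1, 12): 28, (1, 14): 8, (1, 15): 6}
# "D-Bus before 1.15.6": used for branches that have no fixed release listed
# (assumption: such branches never received a fix).
FIRST_FIXED = (1, 15, 6)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, micro) from a bare version, a package atom such
    as 'sys-apps/dbus-1.15.4-r1', or `dbus-daemon --version` output."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """True if the version predates the fix for CVE-2023-34969."""
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED_MICRO:
        # A simple 'version < 1.15.6' test would wrongly flag 1.12.28 and
        # 1.14.8, so compare against the fixed release of the same branch.
        return version[2] < FIXED_MICRO[branch]
    return version < FIRST_FIXED


def audit(inventory):
    """Given {host: version string}, return the sorted affected hosts."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample input: first line mimics `dbus-daemon --version` output.
SAMPLE_INVENTORY = {
    "build01": "D-Bus Message Bus Daemon 1.14.6\nCopyright (C) 2002, 2003 Red Hat, Inc.",
    "desk02": "sys-apps/dbus-1.15.4-r1",
    "srv03": "1.12.28",
    "srv04": "1.14.10",
    "lab05": "1.13.18",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: upgrade dbus ({SAMPLE_INVENTORY[host].splitlines()[0]})")
```
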