CVE-2014-3532

Publication date 2 July 2014

Last updated 24 July 2024

Ubuntu priority

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dbus	14.04 LTS trusty	Fixed 1.6.18-0ubuntu4.1
	13.10 saucy	Fixed 1.6.12-0ubuntu10.1
	12.04 LTS precise	Fixed 1.4.18-1ubuntu1.5
	10.04 LTS lucid	Not affected

How can I get the fixes?
What do statuses mean?
Patch details

Notes

mdeslaur

1.3.0 and newer only

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
dbus	Upstream: ?h=dbus Upstream: ?h=dbus

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2275-1
DBus vulnerabilities
8 July 2014

Other references

http://openwall.com/lists/oss-security/2014/07/02/4
https://www.cve.org/CVERecord?id=CVE-2014-3532