Lucene search

Gentoo FoundationMGASA-2014-0294

HistoryJul 26, 2014 - 3:48 p.m.

Updated dbus packages fix multiple vulnerabilities

2014-07-2615:48:47

Gentoo Foundation

advisories.mageia.org

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

36.4%

JSON

Updated dbus packages fix security vulnerabilities: A flaw was reported in D-Bus’s file descriptor passing feature. A local attacker could use this flaw to cause a service or application to disconnect from the bus, typically resulting in that service or application exiting (CVE-2014-3532). A flaw was reported in D-Bus’s file descriptor passing feature. A local attacker could use this flaw to cause an invalid file descriptor to be forwarded to a service or application, causing it to disconnect from the bus, typically resulting in that service or application exiting (CVE-2014-3533).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchdbus< 1.6.8-4.4dbus-1.6.8-4.4.mga3
Mageia4noarchdbus< 1.6.18-1.3dbus-1.6.18-1.3.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	dbus	< 1.6.8-4.4	dbus-1.6.8-4.4.mga3
Mageia	4	noarch	dbus	< 1.6.18-1.3	dbus-1.6.18-1.3.mga4

References

lists.freedesktop.org/archives/dbus/2014-July/016235.html

bugs.mageia.org/show_bug.cgi?id=13653

lists.fedoraproject.org/pipermail/package-announce/2014-July/135226.html

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

36.4%

JSON

Related for MGASA-2014-0294