Simon McVittie discovered a local denial of service flaw in dbus, an
asynchronous inter-process communication system. On systems with
systemd-style service activation, dbus-daemon does not prevent forged
ActivationFailure messages from non-root processes. A malicious local
user could use this flaw to trick dbus-daemon into thinking that systemd
failed to activate a system service, resulting in an error reply back to
the requester.

For the stable distribution (wheezy), this problem has been fixed in
version 1.6.8-1+deb7u6.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.16-1.

We recommend that you upgrade your dbus packages.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | dbus | eq | 1.6.8-1 |
| | dbus | eq | 1.6.8-1+deb7u4 |
| | dbus | eq | 1.6.8-1+deb7u2 |
| | dbus | eq | 1.6.8-1+deb7u5 |
| | dbus | eq | 1.6.8-1+deb7u1 |
| | dbus | eq | 1.6.8-1+deb7u3 |