
A dbus security update has been released for Debian 6 LTS



Package : dbus
Version : 1.2.24-4+squeeze3
CVE ID : CVE-2014-3477 CVE-2014-3638 CVE-2014-3639

This update fixes multiple (local) denial-of-service vulnerabilities discovered by
Alban Crequy and Simon McVittie.

CVE-2014-3477

Fix a denial of service (failure to obtain bus name) in
newly-activated system services that not all users are allowed to
access.

CVE-2014-3638

Reduce maximum number of pending replies per connection to avoid
algorithmic complexity denial of service.

CVE-2014-3639

The daemon now limits the number of unauthenticated connection slots
so that malicious processes cannot prevent new connections to the
system bus.
DLA 87-1: dbus security update