- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-2275-1
July 08, 2014
dbus vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in DBus.
Software Description:
– dbus: simple interprocess messaging system
Details:
Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied
errors to the service instead of the client when enforcing permissions. A
local user can use this issue to possibly deny access to the service.
(CVE-2014-3477)
Alban Crequy discovered that dbus-daemon incorrectly handled certain file
descriptors. A local attacker could use this issue to cause services or
clients to disconnect, resulting in a denial of service. (CVE-2014-3532,
CVE-2014-3533)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
dbus 1.6.18-0ubuntu4.1
libdbus-1-3 1.6.18-0ubuntu4.1
Ubuntu 13.10:
dbus 1.6.12-0ubuntu10.1
libdbus-1-3 1.6.12-0ubuntu10.1
Ubuntu 12.04 LTS:
dbus 1.4.18-1ubuntu1.5
libdbus-1-3 1.4.18-1ubuntu1.5
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2275-1
CVE-2014-3477, CVE-2014-3532, CVE-2014-3533
Package Information:
https://launchpad.net/ubuntu/+source/dbus/1.6.18-0ubuntu4.1
https://launchpad.net/ubuntu/+source/dbus/1.6.12-0ubuntu10.1
https://launchpad.net/ubuntu/+source/dbus/1.4.18-1ubuntu1.5
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTvC4dAAoJEGVp2FWnRL6TQ1QP/1OqMnMj9N9mzHUfHpZpFdWF
os8IW2v6HnG11VMXefWrlyTQskZ3YLUBVUSSlwWmlueArEBn4MP7T36BJtOD/7K5
p827HmxK/lAAsb/xJ7vIx+TM+qRHKWmuYUnvQ4TWjA5YDxl44XXmQCikNMs0SCDs
xGyyORqqlndfu/l2UC64ylaRayKlkpI5XxqGJGLvHpMq75LPcOzzr2UOkafSKjeZ
Qdc3Q2QG7OIROC1T34LB+WpAOo81Y6izzvw25jqHmxKHJ4iOK7g0AL4Ld891UVa6
De5CrCCETVNSA7z+1FQechZEQ+8m3WsiUlXtmzvMbZevI7xLh3JXB/bBUatb+wwP
2JaQZV0nevgfd0hcFAe8pZd3tS6fReACB33RPbvOK71Q4bXcaQxUwCtjISfJkAWV
lyO/AI4Q08yu7BQH+KL95EZlC9stYesYKu6Tnwda9gfmQBEdTku58VIlW1V6QRm/
FmRex/6QgxMu4vj02RDimf2HHDGkT/TxLD56p1dy4+YCxW8w54/FuZ5fQn4kl8V6
0YgXYnFrwQ0HP4PNRL6FW012T7qEt6fB/l/M+OuOu6eAU0AD3lEGKBUVllff279V
laN1WcZgdKAcEa4b7KCOBF9YzcNckQReSPELQzS7RxHGvv3QEhBImrn+W9yxh3P0
PLHFT4t2iwsrFnGOhAKs
=1kzg
—–END PGP SIGNATURE—–
—
| Autor | Marko Stanec |
| Cert id | NCERT-REF-2014-07-0004-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
