Errata ALT-PU-2015-2059-1: Information
Fixes
Published: Jan. 1, 1970
BDU:2015-01741
Уязвимости операционной системы Debian GNU/Linux, позволяющие локальному злоумышленнику нарушить доступность защищаемой информации
Severity: LOW (1.9)
Links:
Published: Jan. 1, 1970
BDU:2015-04278
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить доступность защищаемой информации
Severity: LOW (2.1)
Links:
Published: Jan. 1, 1970
BDU:2015-04279
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить доступность защищаемой информации
Severity: LOW (2.1)
Links:
Published: Jan. 1, 1970
BDU:2015-04280
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить доступность защищаемой информации
Severity: LOW (2.1)
Links:
Published: Jan. 1, 1970
BDU:2015-04281
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить доступность защищаемой информации
Severity: LOW (2.1)
Links:
Published: Jan. 1, 1970
BDU:2015-04282
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить доступность защищаемой информации
Severity: LOW (2.1)
Links:
Published: Aug. 22, 2013
BDU:2015-09737
Уязвимость операционной системы Gentoo Linux, позволяющая злоумышленнику нарушить доступность защищаемой информации
Severity: LOW (1.9)
Links:
Published: Dec. 13, 2014
BDU:2015-09788
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
Links:
Published: July 7, 2013
BDU:2020-04521
Уязвимость системы межпроцессорного взаимодействия D-Bus, вызванная ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.0) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Links:
Published: July 3, 2013
Modified: Dec. 27, 2023
Modified: Dec. 27, 2023
CVE-2013-2168
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
Severity: LOW (1.9)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=974109
- FEDORA-2013-11198
- 60546
- 1028667
- [dbus] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound
- [oss-security] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound
- http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7
- FEDORA-2013-11142
- 53317
- MDVSA-2013:177
- 53832
- DSA-2707
- USN-1874-1
- openSUSE-SU-2013:1118
- openSUSE-SU-2014:1239
- oval:org.mitre.oval:def:16881
Published: July 1, 2014
Modified: Dec. 27, 2023
Modified: Dec. 27, 2023
CVE-2014-3477
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
Severity: LOW (2.1)
Links:
- [oss-security] 20140610 CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon
- 67986
- http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567
- https://bugs.freedesktop.org/show_bug.cgi?id=78979
- openSUSE-SU-2014:0874
- 59611
- DSA-2971
- openSUSE-SU-2014:0821
- 59428
- 59798
- openSUSE-SU-2014:1239
- MDVSA-2015:176
- http://advisories.mageia.org/MGASA-2014-0266.html
Published: July 19, 2014
Modified: Dec. 27, 2023
Modified: Dec. 27, 2023
CVE-2014-3533
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
Severity: LOW (2.1)
Links:
- 59611
- DSA-2971
- https://bugs.freedesktop.org/show_bug.cgi?id=80469
- [oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon
- https://bugs.freedesktop.org/show_bug.cgi?id=79694
- 59798
- 60236
- openSUSE-SU-2014:1239
- MDVSA-2015:176
- http://advisories.mageia.org/MGASA-2014-0294.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Published: Sept. 22, 2014
Modified: Dec. 27, 2023
Modified: Dec. 27, 2023
CVE-2014-3635
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.
Severity: MEDIUM (4.4)
Links:
- 61378
- https://bugs.freedesktop.org/show_bug.cgi?id=83622
- [oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8
- DSA-3026
- USN-2352-1
- openSUSE-SU-2014:1239
- MDVSA-2015:176
- http://advisories.mageia.org/MGASA-2014-0395.html
- 1030864
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Published: Oct. 26, 2014
Modified: Dec. 27, 2023
Modified: Dec. 27, 2023
CVE-2014-3636
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
Severity: LOW (1.9)
Links:
Published: Sept. 22, 2014
Modified: Dec. 27, 2023
Modified: Dec. 27, 2023
CVE-2014-3637
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
Severity: LOW (2.1)
Links:
- https://bugs.freedesktop.org/show_bug.cgi?id=80559
- 61378
- DSA-3026
- [oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8
- USN-2352-1
- openSUSE-SU-2014:1239
- MDVSA-2015:176
- http://advisories.mageia.org/MGASA-2014-0395.html
- 1030864
- [oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz
- [oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz
Published: Sept. 22, 2014
Modified: Dec. 27, 2023
Modified: Dec. 27, 2023
CVE-2014-3638
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
Severity: LOW (2.1)
Links:
Published: Sept. 22, 2014
Modified: Dec. 27, 2023
Modified: Dec. 27, 2023
CVE-2014-3639
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
Severity: LOW (2.1)
Links:
Published: Nov. 18, 2014
Modified: Dec. 27, 2023
Modified: Dec. 27, 2023
CVE-2014-7824
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
Severity: LOW (2.1)
Links:
Published: Feb. 13, 2015
Modified: Dec. 27, 2023
Modified: Dec. 27, 2023
CVE-2015-0245
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
Severity: LOW (1.9)
Links: