SB2014102212 - Resource management error in dbus (Alpine package)
Published: October 22, 2014
Security Bulletin ID
SB2014102212
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2014-3638)
The vulnerability allows a local non-authenticated attacker to perform service disruption.
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=256f4e7e9f920e61c9a0f213d108851dd6eee97c
- https://git.alpinelinux.org/aports/commit/?id=d02e78275a3bb690d9d8099bf31ff92e3a9e68fe
- https://git.alpinelinux.org/aports/commit/?id=805a5164875cd3f789db8929be1b6c9380f98d98
- https://git.alpinelinux.org/aports/commit/?id=c3b756f3144debef12e39f410d862ad4a3a4f3d1