SB2014102213 - Input validation error in dbus (Alpine package)

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2014-3639)

The vulnerability allows local users to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=256f4e7e9f920e61c9a0f213d108851dd6eee97c
• https://git.alpinelinux.org/aports/commit/?id=d02e78275a3bb690d9d8099bf31ff92e3a9e68fe
• https://git.alpinelinux.org/aports/commit/?id=805a5164875cd3f789db8929be1b6c9380f98d98
• https://git.alpinelinux.org/aports/commit/?id=c3b756f3144debef12e39f410d862ad4a3a4f3d1