PT-2014-1923 · D-Bus+2 · Dbus+2

Published: 2014-07-02 · Updated: 2024-06-15 · CVE-2014-3533

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

dbus versions 1.3.0 through 1.6.22
dbus versions 1.8.x through 1.8.6
dbus versions prior to 1.8.10

Description

The issue allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. Multiple vulnerabilities in the dbus package can lead to violations of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be carried out remotely.

Recommendations

For dbus versions 1.3.0 through 1.6.22, update to version 1.6.22 or later.
For dbus versions 1.8.x through 1.8.6, update to version 1.8.6 or later.
For dbus versions prior to 1.8.10, update to version 1.8.10 or later.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1893
BDU:2015-09788
CVE-2014-3533
DSA-2971-1
MGASA-2014-0294
OPENSUSE-SU-2024:10517-1
USN-2275-1

Affected Products

Alt Linux
Ubuntu
Dbus