blob: 61eb02b4254fa75e09656facad40bd048b85b8da [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?>
<glsa id="201503-02">
<title>D-Bus: Denial of Service</title>
<synopsis>A vulnerability has been found in D-Bus, possibly resulting in
local Denial of Service.
<product type="ebuild">dbus</product>
<announced>March 07, 2015</announced>
<revised>March 07, 2015: 1</revised>
<package name="sys-apps/dbus" auto="yes" arch="*">
<unaffected range="ge">1.8.16</unaffected>
<vulnerable range="lt">1.8.16</vulnerable>
<p>D-Bus is a message bus system, a simple way for applications to talk to
one another.
<p>D-Bus doesn’t validate the source of ActivationFailure signals.</p>
<impact type="normal">
<p>A local attacker could possibly cause a Denial of Service condition.</p>
<p>There is no known workaround at this time.</p>
<p>All D-Bus users should upgrade to the latest version:</p>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.8.16"
<uri link="">CVE-2015-0245</uri>
<metadata tag="requester" timestamp="Wed, 25 Feb 2015 04:08:15 +0000">
<metadata tag="submitter" timestamp="Sat, 07 Mar 2015 08:59:46 +0000">Zlogene</metadata>