14 DAY TRIAL // Canonical has announced that a number of DBus vulnerabilities have been found and fixed in its Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.
The company has just released a new update for dbus (simple interprocess messaging system) and the devs have said that a few security issues have been fixed.
“Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS,” reads the security notice.
Also, “Alban Crequy discovered that DBus incorrectly handled a large number of parallel connections and parallel message calls. A local attacker could use this issue to cause DBus to consume resources, possibly resulting in a denial of service.”
These are just a couple of the vulnerabilities identified by the developer, and for a more detailed description of the problems you can see Canonical's security notification. Users have been advised to upgrade their systems as soon as possible.
The flaws can be fixed if you upgrade your system(s) to the latest dbus-related packages specific to each distribution. To apply the patch, run the Update Manager application.
In general, a standard system update will make all the necessary changes. A reboot of the system is required.