A denial of service flaw was reported in D-Bus's method call handling. A local, malicious user could open a large number of parallel connections that all send the maximum number of method calls, causing subsequent calls to slow considerably. It was reported that all versions of D-Bus are affected. Acknowledgements: Red Hat would like to thank D-Bus upstream for reporting this issue. Upstream acknowledges Alban Crequy as the original reporter.
Created attachment 936444 [details] initial upstream patch
Created dbus tracking bugs for this issue: Affects: fedora-all [bug 1142581]
Created mingw-dbus tracking bugs for this issue: Affects: fedora-all [bug 1142582] Affects: epel-7 [bug 1142583]
Public now: http://www.openwall.com/lists/oss-security/2014/09/16/9
dbus-1.6.28-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
dbus-1.8.12-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
dbus-1.6.28-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.