Opened 9 years ago
Closed 9 years ago
#6132 closed enhancement (fixed)
dbus-1.8.16
| Reported by: | Owned by: | Fernando de Oliveira | |
|---|---|---|---|
| Priority: | normal | Milestone: | 7.7 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description (last modified by )
New Point version
http://dbus.freedesktop.org/releases/dbus/dbus-1.8.16.tar.gz
http://lists.freedesktop.org/archives/dbus/2015-February/016554.html
... This is a security update release for the current stable branch, 1.8.x. Please upgrade unless you have a reason to keep using an older branch. ... Security fixes: • Do not allow non-uid-0 processes to send forged ActivationFailure messages. On Linux systems with systemd activation, this would allow a local denial of service: unprivileged processes could flood the bus with these forged messages, winning the race with the actual service activation and causing an error reply to be sent back when service auto-activation was requested. This does not prevent the real service from being started, so it only works while the real service is not running. (CVE-2015-0245, fd.o #88811; Simon McVittie) ...
Change History (5)
comment:1 by , 9 years ago
| Description: | modified (diff) |
|---|---|
| Summary: | dbus-1.8.15 → dbus-1.8.16 |
comment:2 by , 9 years ago
| Description: | modified (diff) |
|---|
comment:3 by , 9 years ago
| Description: | modified (diff) |
|---|
comment:4 by , 9 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:5 by , 9 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at r15492.