Opened 9 years ago
Last modified 9 years ago
#6132 closed enhancement
dbus-1.8.16 — at Version 1
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | normal | Milestone: | 7.7 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
New Point version
http://dbus.freedesktop.org/releases/dbus/dbus-1.8.16.tar.gz
http://lists.freedesktop.org/archives/dbus/2015-February/016554.html
Security fixes: • Do not allow non-uid-0 processes to send forged ActivationFailure messages. On Linux systems with systemd activation, this would allow a local denial of service: unprivileged processes could flood the bus with these forged messages, winning the race with the actual service activation and causing an error reply to be sent back when service auto-activation was requested. This does not prevent the real service from being started, so it only works while the real service is not running. (CVE-2015-0245, fd.o #88811; Simon McVittie)
Change History (1)
comment:1 by , 9 years ago
Description: | modified (diff) |
---|---|
Summary: | dbus-1.8.15 → dbus-1.8.16 |
Note:
See TracTickets
for help on using tickets.