Opened 10 years ago

Closed 10 years ago

#5234 closed enhancement (fixed)

dbus-1.8.6

Reported by: Fernando de Oliveira
Owned by: Fernando de Oliveira
Priority: normal
Milestone: 7.6
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

Change History (3)

comment:1 by Fernando de Oliveira, 10 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: new → assigned

comment:2 by Fernando de Oliveira, 10 years ago

Security fixes:

  • On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop the message. This prevents an attack in which a malicious client can make dbus-daemon disconnect a system service, which is a local denial of service. (fd.o #80163, CVE-2014-3532; Alban Crequy)
  • Track remaining Unix file descriptors correctly when more than one message in quick succession contains fds. This prevents another attack in which a malicious client can make dbus-daemon disconnect a system service. (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez, Simon McVittie, Alban Crequy)

Other fixes:

  • When dbus-launch --exit-with-session starts a dbus-daemon but then cannot attach to a session, kill the dbus-daemon as intended (fd.o #74698, Роман Донченко)
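
The first security fix listed in comment:2, sketched as an added example (not dbus source and not part of the ticket): a Linux sender that passes file descriptors with SCM_RIGHTS and treats ETOOMANYREFS as "drop this message" rather than as a failed connection. The names `send_with_fds`, `classify_send_errno`, `send_result` and `MAX_FDS` are assumptions made for this illustration.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>

#define MAX_FDS 16 /* constructed per-message limit for this example */
typedef enum { SEND_OK, SEND_DROPPED, SEND_RETRY, SEND_FATAL } send_result;

/* ETOOMANYREFS describes the message being sent (its fds), not the state of
 * the recipient's connection, so it must not get the recipient disconnected. */
send_result classify_send_errno(int err)
{
    switch (err) {
    case EINTR:
    case EAGAIN:
        return SEND_RETRY;   /* transient: try again later */
    case ETOOMANYREFS:
        return SEND_DROPPED; /* discard this message, keep the connection */
    default:
        return SEND_FATAL;   /* e.g. EPIPE: the connection really is gone */
    }
}

/* Send len bytes plus nfds descriptors as one SCM_RIGHTS message.
 * A short write still counts as SEND_OK here; a real sender queues the rest. */
send_result send_with_fds(int sock, const void *buf, size_t len,
                          const int *fds, size_t nfds)
{
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int) * MAX_FDS)]; } ctrl;
    struct iovec iov = { .iov_base = (void *)buf, .iov_len = len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };

    if (nfds > MAX_FDS)
        return SEND_FATAL;
    if (nfds > 0) {
        memset(&ctrl, 0, sizeof ctrl);
        msg.msg_control = ctrl.buf;
        msg.msg_controllen = CMSG_SPACE(sizeof(int) * nfds);
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int) * nfds);
        memcpy(CMSG_DATA(c), fds, sizeof(int) * nfds);
    }
    if (sendmsg(sock, &msg, MSG_NOSIGNAL) >= 0)
        return SEND_OK;
    return classify_send_errno(errno);
}
```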

comment:3 by Fernando de Oliveira, 10 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r13340.
