| | 2 | |
| | 3 | [http://dbus.freedesktop.org/releases/dbus/dbus-1.8.16.tar.gz] |
| | 4 | |
| | 5 | [http://lists.freedesktop.org/archives/dbus/2015-February/016554.html] |
| | 6 | |
| | 7 | {{{ |
| | 8 | Security fixes: |
| | 9 | |
| | 10 | • Do not allow non-uid-0 processes to send forged ActivationFailure |
| | 11 | messages. On Linux systems with systemd activation, this would |
| | 12 | allow a local denial of service: unprivileged processes could |
| | 13 | flood the bus with these forged messages, winning the race with |
| | 14 | the actual service activation and causing an error reply |
| | 15 | to be sent back when service auto-activation was requested. |
| | 16 | This does not prevent the real service from being started, |
| | 17 | so it only works while the real service is not running. |
| | 18 | (CVE-2015-0245, fd.o #88811; Simon McVittie) |
| | 19 | }}} |
