| 2 | |
| 3 | [http://dbus.freedesktop.org/releases/dbus/dbus-1.8.16.tar.gz] |
| 4 | |
| 5 | [http://lists.freedesktop.org/archives/dbus/2015-February/016554.html] |
| 6 | |
| 7 | {{{ |
| 8 | Security fixes: |
| 9 | |
| 10 | • Do not allow non-uid-0 processes to send forged ActivationFailure |
| 11 | messages. On Linux systems with systemd activation, this would |
| 12 | allow a local denial of service: unprivileged processes could |
| 13 | flood the bus with these forged messages, winning the race with |
| 14 | the actual service activation and causing an error reply |
| 15 | to be sent back when service auto-activation was requested. |
| 16 | This does not prevent the real service from being started, |
| 17 | so it only works while the real service is not running. |
| 18 | (CVE-2015-0245, fd.o #88811; Simon McVittie) |
| 19 | }}} |