Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#5270 closed enhancement (fixed)

dbus-1.14.8

Reported by: Xi Ruoyao Owned by: lfs-book
Priority: high Milestone: 12.0
Component: Book Version: git
Severity: normal Keywords:
Cc:

Description

New patch version.

Change History (6)

comment:1 by Xi Ruoyao, 2 years ago

Denial-of-service fixes:

  • Fix an assertion failure in dbus-daemon when a privileged Monitoring connection (dbus-monitor, busctl monitor, gdbus monitor or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to <deny> rules or outgoing message quota. This is a denial of service if triggered maliciously by a local attacker. (dbus#457; hongjinghao, Simon McVittie)

Other fixes:

  • Fix compilation on compilers not supporting __FUNCTION__ (dbus!404, Barnabás Pőcze)
  • Fix some memory leaks on out-of-memory conditions (dbus!403, Barnabás Pőcze)
  • Documentation: · Fix syntax of a code sample in dbus-api-design

(dbus!396; Yen-Chin, Lee)

Tests and CI enhancements:

  • Fix CI pipelines after freedesktop/freedesktop#540 (dbus!405, dbus#456; Simon McVittie)

comment:2 by Xi Ruoyao, 2 years ago

Priority: normalhigh

Security+ as the upstream is assigning a CVE number.

in reply to:  2 comment:3 by Xi Ruoyao, 2 years ago

Replying to Xi Ruoyao:

Security+ as the upstream is assigning a CVE number.

Now assigned CVE-2023-34969 for the denial-of-service.

comment:4 by Bruce Dubbs, 2 years ago

Resolution: fixed
Status: newclosed

Fixed at commit 2ebf4143a8e1dfac1f4855ae116aeabb3f50418a

comment:5 by Douglas R. Reno, 2 years ago

SA-11.3-041 issued

comment:6 by Bruce Dubbs, 2 years ago

Milestone: 11.412.0

Milestone renamed

Note: See TracTickets for help on using tickets.