[Ftp-release] Announcing D-Bus 1.8.16
Simon McVittie
simon.mcvittie at collabora.co.uk
Mon Feb 9 07:25:57 PST 2015

The “poorly concealed wrestlers” release.

This is a security update release for the current stable branch,
1.8.x. Please upgrade unless you have a reason to keep using an older
branch.

http://dbus.freedesktop.org/releases/dbus/dbus-1.8.16.tar.gz
http://dbus.freedesktop.org/releases/dbus/dbus-1.8.16.tar.gz.asc

git tag: dbus-1.8.16
git branch: dbus-1.8

Security fixes:

• Do not allow non-uid-0 processes to send forged ActivationFailure
  messages. On Linux systems with systemd activation, this would
  allow a local denial of service: unprivileged processes could
  flood the bus with these forged messages, winning the race with
  the actual service activation and causing an error reply
  to be sent back when service auto-activation was requested.
  This does not prevent the real service from being started,
  so it only works while the real service is not running.
  (CVE-2015-0245, fd.o #88811; Simon McVittie)

Other fixes:

• fix a Windows build failure (fd.o #88009, Ralf Habacker)
• on Windows, allow up to 8K connections to the dbus-daemon instead of
  the previous 64, completing a previous fix which only worked under
  Autotools (fd.o #71297, Ralf Habacker)

--
Simon McVittie, Collabora Ltd.
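
The check described under "Security fixes" above, as a toy model in C. This is an added example, not dbus-daemon code and not part of the original announcement. `handle_signal`, `report_accepted`, the struct types and the service name `com.example.Svc` are made up for illustration; `org.freedesktop.systemd1.Activator` is the interface D-Bus uses for systemd activation.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Toy model: hypothetical types, not dbus-daemon's own structures. */
enum act_state { ACT_PENDING, ACT_STARTED, ACT_FAILED };
struct activation { const char *service; enum act_state state; };

struct signal_msg {
    uid_t sender_uid;               /* uid the bus read from the sender's socket */
    const char *interface, *member;
    const char *service;            /* service the signal says failed to start */
};

/* Returns true if the signal made the bus fail the pending activation,
 * i.e. an error reply goes back to whoever requested auto-activation. */
bool handle_signal(struct activation *a, const struct signal_msg *m, bool require_uid0)
{
    if (strcmp(m->interface, "org.freedesktop.systemd1.Activator") != 0 ||
        strcmp(m->member, "ActivationFailure") != 0 ||
        strcmp(m->service, a->service) != 0)
        return false;
    if (a->state != ACT_PENDING)
        return false;               /* service already running: no effect */
    if (require_uid0 && m->sender_uid != 0)
        return false;               /* hardened: only uid 0 may report failure */
    a->state = ACT_FAILED;
    return true;
}

/* Constructed scenario: one activation of a made-up service and one
 * ActivationFailure signal for it from sender_uid. */
bool report_accepted(uid_t sender_uid, enum act_state initial, bool require_uid0)
{
    struct activation a = { "com.example.Svc", initial };
    struct signal_msg m = { sender_uid, "org.freedesktop.systemd1.Activator",
                            "ActivationFailure", "com.example.Svc" };
    return handle_signal(&a, &m, require_uid0);
}

int main(void)
{
    printf("no uid check, uid 1000: %d\n", report_accepted(1000, ACT_PENDING, false));
    printf("uid check,    uid 1000: %d\n", report_accepted(1000, ACT_PENDING, true));
    printf("uid check,    uid 0:    %d\n", report_accepted(0, ACT_PENDING, true));
    return 0;
}
```
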