SECURITY: CAN-2005-0201 - D-Bus 0.36.2 released

John (J5) Palmieri johnp at redhat.com
Mon Aug 29 13:32:59 PDT 2005


D-Bus 0.36.2 is released.  This is a security release that fixes an
exploit allowing one user to attach to another user's session bus.

It should be noted that in order to exploit this issue, another user
must be running dbus on the target machine, and the user has to guess
the correct session bus address, which is not trivial.

Anyone using the 0.3x D-Bus series should upgrade.

relevant bug:
https://bugs.freedesktop.org/show_bug.cgi?id=2436

This issue is already public as CAN-2005-0201

As usual:
http://dbus.freedesktop.org/releases/dbus-0.36.2.tar.gz

-- 
John (J5) Palmieri <johnp at redhat.com>



More information about the dbus mailing list