Announcing dbus 1.6.26 (security fix release)
Simon McVittie
simon.mcvittie at collabora.co.uk
Mon Nov 10 08:09:16 PST 2014
This is a security release for the old-stable branch. Upgrading to
1.8.10 instead is recommended, but if you need to use 1.6.x:
http://dbus.freedesktop.org/releases/dbus/dbus-1.6.26.tar.gz
http://dbus.freedesktop.org/releases/dbus/dbus-1.6.26.tar.gz.asc
git tag: dbus-1.6.26
git branch: dbus-1.6
Security fix backported from 1.8.10:
• Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536
so that CVE-2014-3636 part A cannot exhaust the system bus'
file descriptors, completing the incomplete fix in 1.8.8.
(CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy)
--
Simon McVittie, Collabora Ltd.
for the D-Bus maintainers
More information about the dbus
mailing list