[Ftp-release] Announcing dbus 1.6.26 (security fix release)

Simon McVittie simon.mcvittie at collabora.co.uk
Mon Nov 10 08:09:16 PST 2014


This is a security release for the old-stable branch. Upgrading to
1.8.10 instead is recommended, but if you need to use 1.6.x:

http://dbus.freedesktop.org/releases/dbus/dbus-1.6.26.tar.gz
http://dbus.freedesktop.org/releases/dbus/dbus-1.6.26.tar.gz.asc
git tag: dbus-1.6.26
git branch: dbus-1.6

Security fix backported from 1.8.10:

• Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536
  so that CVE-2014-3636 part A cannot exhaust the system bus'
  file descriptors, completing the incomplete fix in 1.8.8.
  (CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy)

-- 
Simon McVittie, Collabora Ltd.
for the D-Bus maintainers


More information about the Ftp-release mailing list