Ticket #974 (closed task: fixed)

Opened 3 years ago

Last modified 3 years ago

D-Bus 1.8.6 Security Fix

Reported by: kb0iic Owned by: chris@…
Priority: critical Milestone: CLFS Standard 3.0
Component: BOOK Version: CLFS Standard GIT
Keywords: Cc: berzerkula@…, jonathan@…, chris@…

Description

 http://thread.gmane.org/gmane.comp.freedesktop.dbus/15832

D-Bus 1.8.6 includes two security fixes which I think are critical for our current systemd build. I'd like to add this before release.

Security fixes:

• On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop the message. This prevents an attack in which a malicious client can make dbus-daemon disconnect a system service, which is a local denial of service. (fd.o #80163, CVE-2014-3532; Alban Crequy)

• Track remaining Unix file descriptors correctly when more than one message in quick succession contains fds. This prevents another attack in which a malicious client can make dbus-daemon disconnect a system service. (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez, Simon McVittie, Alban Crequy)

Other fixes:

• When dbus-launch --exit-with-session starts a dbus-daemon but then cannot attach to a session, kill the dbus-daemon as intended (fd.o #74698, Роман Донченко)
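Added example (editor's illustration, not code from D-Bus or from this ticket's reporter): a minimal SCM_RIGHTS sender and receiver whose error handling follows the policy of the first fix above. When the kernel refuses a sendmsg() carrying file descriptors with ETOOMANYREFS (it does so for a chain of Unix sockets nested too deeply in flight), the fault lies with the message, not with the recipient, so only the message is discarded and the recipient's connection stays up; treating that errno like any other socket failure and disconnecting the peer is what let a malicious client force dbus-daemon to drop a system service. The function names (classify_send_error, send_with_fd, recv_with_fd, demo_roundtrip) are this example's own. The ETOOMANYREFS path itself is not triggered here, since provoking it needs a purpose-built chain of in-flight sockets and depends on the kernel version, so the policy is exercised through the classifier while the round trip shows ordinary fd passing working end to end. The second fix (fd accounting across consecutive messages) is not modelled.

```c
/* Added example, not D-Bus code: SCM_RIGHTS fd passing with the
 * CVE-2014-3532 error policy.  ETOOMANYREFS from sendmsg() means the kernel
 * rejected the attached fds; drop that message, keep the connection. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>

enum send_outcome {
    SEND_OK,           /* message and fd handed to the kernel */
    SEND_RETRY_LATER,  /* EAGAIN/EINTR: keep the message queued */
    SEND_DROP_MESSAGE, /* ETOOMANYREFS: discard the message, keep the connection */
    SEND_DISCONNECT    /* any other error: the connection itself is broken */
};

/* Decide what a forwarding daemon should do with a failed sendmsg(). */
enum send_outcome classify_send_error(int err)
{
    if (err == EAGAIN || err == EWOULDBLOCK || err == EINTR)
        return SEND_RETRY_LATER;
    if (err == ETOOMANYREFS)   /* bad payload, healthy peer: drop only the message */
        return SEND_DROP_MESSAGE;
    return SEND_DISCONNECT;
}

/* Send `len` bytes with one fd attached as SCM_RIGHTS ancillary data. */
enum send_outcome send_with_fd(int sock, const void *buf, size_t len, int fd)
{
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = (void *)buf, .iov_len = len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);

    memset(cbuf, 0, sizeof cbuf);
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));

    if (sendmsg(sock, &msg, MSG_NOSIGNAL) < 0)
        return classify_send_error(errno);
    return SEND_OK;
}

/* Receive up to `len` bytes; *fd_out gets the passed fd or -1.
 * Returns the byte count, or -1 on error. */
ssize_t recv_with_fd(int sock, void *buf, size_t len, int *fd_out)
{
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct cmsghdr *cmsg;
    ssize_t n = recvmsg(sock, &msg, MSG_CMSG_CLOEXEC);

    *fd_out = -1;
    if (n < 0)
        return -1;
    for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; cmsg = CMSG_NXTHDR(&msg, cmsg))
        if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS &&
            cmsg->cmsg_len == CMSG_LEN(sizeof(int)))
            memcpy(fd_out, CMSG_DATA(cmsg), sizeof(int));
    return n;
}

/* Pass a pipe's write end over a socketpair and prove the receiver can use
 * the duplicate it was given.  Returns 0 on success, -1 on any failure. */
int demo_roundtrip(void)
{
    int sp[2], pf[2], got = -1, rc = -1;
    char buf[16], check[4];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0)
        return -1;
    if (pipe(pf) < 0) {
        close(sp[0]); close(sp[1]);
        return -1;
    }
    if (send_with_fd(sp[0], "hello", 5, pf[1]) == SEND_OK &&
        recv_with_fd(sp[1], buf, sizeof buf, &got) == 5 &&
        memcmp(buf, "hello", 5) == 0 && got >= 0 &&
        write(got, "ok", 2) == 2 &&            /* write through the received fd */
        read(pf[0], check, sizeof check) == 2 && memcmp(check, "ok", 2) == 0)
        rc = 0;
    if (got >= 0) close(got);
    close(pf[0]); close(pf[1]); close(sp[0]); close(sp[1]);
    return rc;
}

int main(void)
{
    printf("fd round trip: %s\n", demo_roundtrip() == 0 ? "ok" : "FAILED");
    printf("ETOOMANYREFS policy: %s\n",
           classify_send_error(ETOOMANYREFS) == SEND_DROP_MESSAGE
               ? "drop the message, keep the connection" : "WRONG");
    return 0;
}
```

In a bus daemon the SEND_DROP_MESSAGE branch would also close the fds it was about to forward and log the sender, while SEND_DISCONNECT remains reserved for errors that really mean the recipient's socket is gone.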

Change History

comment:1 Changed 3 years ago by chris@…

  • Owner changed from clfs-commits@… to chris@…
  • Status changed from new to assigned

comment:2 Changed 3 years ago by chris@…

  • Status changed from assigned to closed
  • Resolution set to fixed