Opened 10 years ago
Closed 10 years ago
#974 closed task (fixed)
D-Bus 1.8.6 Security Fix
Reported by: | William Harrington | Owned by: | |
---|---|---|---|
Priority: | critical | Milestone: | CLFS Standard 3.0 |
Component: | BOOK | Version: | CLFS Standard GIT |
Keywords: | | Cc: | berzerkula@…, jonathan@…, chris@… |
Description
http://thread.gmane.org/gmane.comp.freedesktop.dbus/15832
D-Bus 1.8.6 includes two security fixes which I think are critical for our current systemd build. I'd like to add this before release.
Security fixes:
- On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop the message. This prevents an attack in which a malicious client can make dbus-daemon disconnect a system service, which is a local denial of service. (fd.o #80163, CVE-2014-3532; Alban Crequy)
- Track remaining Unix file descriptors correctly when more than one message in quick succession contains fds. This prevents another attack in which a malicious client can make dbus-daemon disconnect a system service. (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez, Simon McVittie, Alban Crequy)
Other fixes:
- When dbus-launch --exit-with-session starts a dbus-daemon but then cannot attach to a session, kill the dbus-daemon as intended (fd.o #74698, Роман Донченко)
Change History (2)
comment:1 by , 10 years ago
Owner: | changed from | to |
---|---|---|
Status: | new → assigned | |
comment:2 by , 10 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed in http://trac.cross-lfs.org/changeset/8d5df0bef47db128d44d940d3e3645155748bce4.