Opened 5 years ago

Closed 5 years ago

#974 closed task (fixed)

D-Bus 1.8.6 Security Fix

Reported by: William Harrington Owned by: chris@…
Priority: critical Milestone: CLFS Standard 3.0
Component: BOOK Version: CLFS Standard GIT
Keywords: Cc: berzerkula@…, jonathan@…, chris@…

Description

http://thread.gmane.org/gmane.comp.freedesktop.dbus/15832

D-Bus 1.8.6 includes two security fixes which I think are critical for our current systemd build. I'd like to add this before release.

Security fixes:

  • On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop the message. This prevents an attack in which a malicious client can make dbus-daemon disconnect a system service, which is a local denial of service. (fd.o #80163, CVE-2014-3532; Alban Crequy)
  • Track remaining Unix file descriptors correctly when more than one message in quick succession contains fds. This prevents another attack in which a malicious client can make dbus-daemon disconnect a system service. (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez, Simon McVittie?, Alban Crequy)

Other fixes:

  • When dbus-launch --exit-with-session starts a dbus-daemon but then cannot attach to a session, kill the dbus-daemon as intended (fd.o #74698, Роман Донченко)

Change History (2)

comment:1 Changed 5 years ago by chris@…

Owner: changed from clfs-commits@… to chris@…
Status: newassigned

comment:2 Changed 5 years ago by chris@…

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.