author | Simon McVittie <smcv@collabora.com> | 2022-10-02 15:20:55 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2022-10-05 10:48:43 +0100 |
commit | c32ecc6234fc090d031b533bb5ab53f580aa8788 (patch) | |
tree | 4089caf2ebbe47b3d6a5c613d22021e995c57d3f | |
parent | f5a174649bd32a29e734b5687524f5677f82c36a (diff) | |
download | dbus-c32ecc6234fc090d031b533bb5ab53f580aa8788.tar.gz |
Update NEWS
Signed-off-by: Simon McVittie <smcv@collabora.com>
-rw-r--r-- | NEWS | 31 |
1 files changed, 28 insertions, 3 deletions
@@ -23,16 +23,41 @@ Behaviour changes: directory, with the chroot or container. (dbus#416, Simon McVittie) -Fixes: +Denial of service fixes: + +Evgeny Vereshchagin discovered several ways in which an authenticated +local attacker could cause a crash (denial of service) in +dbus-daemon --system or a custom DBusServer. In uncommon configurations +these could potentially be carried out by an authenticated remote attacker. + +• An invalid array of fixed-length elements where the length of the array + is not a multiple of the length of the element would cause an assertion + failure in debug builds or an out-of-bounds read in production builds. + This was a regression in version 1.3.0. + (dbus#413, CVE-2022-42011; Simon McVittie) + +• A syntactically invalid type signature with incorrectly nested parentheses + and curly brackets would cause an assertion failure in debug builds. + Similar messages could potentially result in a crash or incorrect message + processing in a production build, although we are not aware of a practical + example. (dbus#418, CVE-2022-42010; Simon McVittie) + +• A message in non-native endianness with out-of-band Unix file descriptors + would cause a use-after-free and possible memory corruption in production + builds, or an assertion failure in debug builds. This was a regression in + version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie) + +Non-security bug fixes: • Don't crash if dbus-daemon is asked to watch more than 128 directories for changes (dbus!302, Jan Tojnar) +• Correctly set error indicator if out-of-memory is reached while + demarshalling a message (fdo#100317, Simon McVittie) + • On Windows, consistently use msvcrt.dll-style printf formats, fixing builds with mingw-w64 8.0.0 (dbus#380, Simon McVittie) -Tests and CI enhancements: - • Use the latest MSYS2 packages for CI, fixing failure to download older packages (Ralf Habacker, Simon McVittie) |
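Review bot: Dropping the "Tests and CI enhancements:" heading near the end of the hunk leaves the "Use the latest MSYS2 packages for CI" item under "Non-security bug fixes:", where it reads as a fix to dbus itself rather than to the CI setup. Either keep the heading above that item or reword the section title so it covers both. Separately, the CVE-2022-42011 and CVE-2022-42012 entries each say "This was a regression in version 1.3.0", but the CVE-2022-42010 entry gives no affected-version statement. If the affected range is known, state it there as well so packagers can tell which branches need the backport. The sentence "In uncommon configurations these could potentially be carried out by an authenticated remote attacker" would also be more useful to administrators if it said which configurations are meant.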