diff options
author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-09-15 19:37:47 +0100 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-09-15 19:37:47 +0100 |
commit | e1d20aacab56afd8795b8d7403f81c87353cc658 (patch) | |
tree | ad39961d6913f2e4f6de38799f96617a3db75b44 | |
parent | 94b8d5e7a85bfb6c9a92b8e22e382b2e0ded2b59 (diff) | |
download | dbus-e1d20aacab56afd8795b8d7403f81c87353cc658.tar.gz |
1.6.24 security release for tomorrowdbus-1.6.24
-rw-r--r-- | NEWS | 40 | ||||
-rw-r--r-- | configure.ac | 4 |
2 files changed, 40 insertions, 4 deletions
@@ -1,7 +1,43 @@ -D-Bus 1.6.24 (UNRELEASED) +D-Bus 1.6.24 (2014-09-16) == -... +The "least civilized in the entire galaxy" release. + +Security fixes backported from 1.8.8: + +• Do not accept an extra fd in the padding of a cmsg message, which + could lead to a 4-byte heap buffer overrun. + (CVE-2014-3635, fd.o #83622; Simon McVittie) + +• Reduce default for maximum Unix file descriptors passed per message + from 1024 to 16, preventing a uid with the default maximum number of + connections from exhausting the system bus' file descriptors under + Linux's default rlimit. Distributors or system administrators with a + more restrictive fd limit may wish to reduce these limits further. + + Additionally, on Linux this prevents a second denial of service + in which the dbus-daemon can be made to exceed the maximum number + of fds per sendmsg() and disconnect the process that would have + received them. + (CVE-2014-3636, fd.o #82820; Alban Crequy) + +• Disconnect connections that still have a fd pending unmarshalling after + a new configurable limit, pending_fd_timeout (defaulting to 150 seconds), + removing the possibility of creating an abusive connection that cannot be + disconnected by setting up a circular reference to a connection's + file descriptor. + (CVE-2014-3637, fd.o #80559; Alban Crequy) + +• Reduce default for maximum pending replies per connection from 8192 to 128, + mitigating an algorithmic complexity denial-of-service attack + (CVE-2014-3638, fd.o #81053; Alban Crequy) + +• Reduce default for authentication timeout on the system bus from + 30 seconds to 5 seconds, avoiding denial of service by using up + all unauthenticated connection slots; and when all unauthenticated + connection slots are used up, make new connection attempts block + instead of disconnecting them. + (CVE-2014-3639, fd.o #80919; Alban Crequy) D-Bus 1.6.22 (2014-06-02) == diff --git a/configure.ac b/configure.ac index ad9c843f..f896672a 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [6]) -m4_define([dbus_micro_version], [23]) +m4_define([dbus_micro_version], [24]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -37,7 +37,7 @@ LT_CURRENT=10 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=8 +LT_REVISION=9 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has |