author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-02-09 11:06:32 +0000 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-02-09 11:06:32 +0000 |
commit | a3c1b66b7a784280b0763ee4014c258144ae7876 (patch) | |
tree | c505c8b1633b1f83ae953769741ba1c13b0bd7ae /NEWS | |
parent | 239fa2081293ed26455e98b73a6c484730b00372 (diff) | |
parent | 03c5e161752fe1ff4925955800ca9c78d09a6e0c (diff) | |
download | dbus-a3c1b66b7a784280b0763ee4014c258144ae7876.tar.gz |
Merge branch '1.8-cve-2015-0245' into cve-2015-0245
Conflicts:
NEWS
bus/system.conf.in
configure.ac
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 16 |
1 files changed, 15 insertions, 1 deletions
@@ -1,6 +1,20 @@ D-Bus 1.9.10 (UNRELEASED) == +The “sad cyborgs” release. + +Security fixes: + +• Do not allow non-uid-0 processes to send forged ActivationFailure + messages. On Linux systems with systemd activation, this would + allow a local denial of service: unprivileged processes could + flood the bus with these forged messages, winning the race with + the actual service activation and causing an error reply + to be sent back when service auto-activation was requested. + This does not prevent the real service from being started, + so it only works while the real service is not running. + (CVE-2015-0245, fd.o #88811; Simon McVittie) + Enhancements: • The new Monitoring interface in the dbus-daemon lets dbus-monitor and @@ -22,7 +36,7 @@ Enhancements: or libpcap-compatible framing treating each D-Bus message as a captured packet. (fd.o #46787, Simon) -Fixes: +Other fixes: • Fix some CMake build regressions (fd.o #88964, Ralf Habacker) |
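Review bot: In the first NEWS hunk, the CVE-2015-0245 entry describes the denial of service but does not say where the restriction on ActivationFailure messages is enforced or whether administrators need to do anything beyond upgrading. The merge's conflict list names bus/system.conf.in, so if part of the fix is a policy rule in that file, the entry should say so and note that a locally modified or replaced system.conf needs the same rule merged in; as written, a reader cannot tell whether a new dbus-daemon binary alone is sufficient. A smaller wording point in the same entry: in "so it only works while the real service is not running", "it" has no clear antecedent, and "so the attack only works while the real service is not running" would read unambiguously.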