diff options
author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-02-04 16:51:10 +0000 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-02-04 16:51:10 +0000 |
commit | af6e170d8e040759c83b48075b9ae74cc83dd5ed (patch) | |
tree | ebd4e9b0347d199cdd74d16381f337388676feda /NEWS | |
parent | 6dbd09fedc396c53b25ea73c6c8a278beca349c7 (diff) | |
download | dbus-af6e170d8e040759c83b48075b9ae74cc83dd5ed.tar.gz |
Prepare embargoed 1.8.16 releasedbus-1.8.16
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 18 |
1 files changed, 16 insertions, 2 deletions
@@ -1,7 +1,21 @@ -D-Bus 1.8.16 (UNRELEASED) +D-Bus 1.8.16 (2015-02-09) == -Fixes: +The “poorly concealed wrestlers” release. + +Security fixes: + +• Do not allow non-uid-0 processes to send forged ActivationFailure + messages. On Linux systems with systemd activation, this would + allow a local denial of service: unprivileged processes could + flood the bus with these forged messages, winning the race with + the actual service activation and causing an error reply + to be sent back when service auto-activation was requested. + This does not prevent the real service from being started, + so it only works while the real service is not running. + (CVE-2015-0245, fd.o #88811; Simon McVittie) + +Other fixes: • fix a Windows build failure (fd.o #88009, Ralf Habacker) |