diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 17 |
1 files changed, 15 insertions, 2 deletions
@@ -1,7 +1,20 @@ -dbus 1.12.18 (UNRELEASED) +dbus 1.12.18 (2020-06-02) ========================= -Fixes: +The “telepathic vines” release. + +Denial of service fixes: + +• CVE-2020-12049: If a message contains more file descriptors than can + be sent, close those that did get through before reporting error. + Previously, a local attacker could cause the system dbus-daemon (or + another system service with its own DBusServer) to run out of file + descriptors, by repeatedly connecting to the server and sending fds that + would get leaked. + Thanks to Kevin Backhouse of GitHub Security Lab. + (dbus#294, GHSL-2020-057; Simon McVittie) + +Other fixes: • Fix a crash when the dbus-daemon is terminated while one or more monitors are active (dbus#291, dbus!140; Simon McVittie) |