#6132: dbus-1.8.16
-------------------------+--------------------------
Reporter: bdubbs@… | Owner: blfs-book@…
Type: enhancement | Status: new
Priority: normal | Milestone: 7.7
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------------
Description changed by fo:
Old description:
> New Point version
New description:
New Point version
[http://dbus.freedesktop.org/releases/dbus/dbus-1.8.16.tar.gz]
[http://lists.freedesktop.org/archives/dbus/2015-February/016554.html]
{{{
Security fixes:
• Do not allow non-uid-0 processes to send forged ActivationFailure
messages. On Linux systems with systemd activation, this would
allow a local denial of service: unprivileged processes could
flood the bus with these forged messages, winning the race with
the actual service activation and causing an error reply
to be sent back when service auto-activation was requested.
This does not prevent the real service from being started,
so it only works while the real service is not running.
(CVE-2015-0245, fd.o #88811; Simon McVittie)
}}}
--
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/6132#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
