#6132: dbus-1.8.16
-------------------------+--------------------------
Reporter: bdubbs@… | Owner: blfs-book@…
Type: enhancement | Status: new
Priority: normal | Milestone: 7.7
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------------
Description changed by fo:
Old description:
> New Point version
>
> [http://dbus.freedesktop.org/releases/dbus/dbus-1.8.16.tar.gz]
>
> [http://lists.freedesktop.org/archives/dbus/2015-February/016554.html]
>
> {{{
> ...
> This is a security update release for the current stable branch,
> 1.8.x. Please upgrade unless you have a reason to keep using an older
> branch.
>
> ...
>
> Security fixes:
>
> • Do not allow non-uid-0 processes to send forged ActivationFailure
> messages. On Linux systems with systemd activation, this would
> allow a local denial of service: unprivileged processes could
> flood the bus with these forged messages, winning the race with
> the actual service activation and causing an error reply
> to be sent back when service auto-activation was requested.
> This does not prevent the real service from being started,
> so it only works while the real service is not running.
> (CVE-2015-0245, fd.o #88811; Simon McVittie)
>
> ...
> }}}
New description:
New Point version
[http://dbus.freedesktop.org/releases/dbus/dbus-1.8.16.tar.gz]
[http://lists.freedesktop.org/archives/dbus/2015-February/016554.html]
{{{
...
This is a security update release for the current stable branch,
1.8.x. Please upgrade unless you have a reason to keep using an older
branch.
...
Security fixes:
• Do not allow non-uid-0 processes to send forged ActivationFailure
messages. On Linux systems with systemd activation, this would
allow a local denial of service: unprivileged processes could
flood the bus with these forged messages, winning the race with
the actual service activation and causing an error reply
to be sent back when service auto-activation was requested.
This does not prevent the real service from being started,
so it only works while the real service is not running.
(CVE-2015-0245, fd.o #88811; Simon McVittie)
...
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/6132#comment:3>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch