[lfs-book] [LFS Trac] #4682: dbus-1.12.20

Thu, 02 Jul 2020 13:07:45 -0700 

#4682: dbus-1.12.20
--------------------+----------------------
 Reporter:  renodr  |      Owner:  lfs-book
     Type:  task    |     Status:  new
 Priority:  high    |  Milestone:  9.2
Component:  Book    |    Version:  SVN
 Severity:  normal  |   Keywords:
--------------------+----------------------
 New security release. "Upgrading is recommended".

 {{{


 dbus is the reference implementation of D-Bus, a message bus for
 communication between applications and system services.

 This is a stable-branch release, including a fix that addresses
 a security vulnerability (on systems that are arguably misconfigured).
 Upgrading is recommended.

 <http://dbus.freedesktop.org/releases/dbus/dbus-1.12.20.tar.gz>
 <http://dbus.freedesktop.org/releases/dbus/dbus-1.12.20.tar.gz.asc>
 git tag: dbus-1.12.20

 The “temporary nemesis” release.

 Maybe security fixes:

 • On Unix, avoid a use-after-free if two usernames have the same
   numeric uid. In older versions this could lead to a crash (denial of
   service) or other undefined behaviour, possibly including incorrect
   authorization decisions if <policy group=...> is used.
   Like Unix filesystems, D-Bus' model of identity cannot distinguish
   between users of different names with the same numeric uid, so this
   configuration is not advisable on systems where D-Bus will be used.
   Thanks to Daniel Onaca.
   (dbus#305, dbus!166; Simon McVittie)

 Other fixes:

 • On Solaris and its derivatives, if a cmsg header is truncated, ensure
   that we do not overrun the buffer used for fd-passing, even if the
   kernel tells us to.
   (dbus#304, dbus!165; Andy Fiddaman)

 --
 Simon McVittie, Collabora Ltd. / Debian
 on behalf of the dbus maintainers
 _______________________________________________
 dbus mailing list
 [email protected]
 https://lists.freedesktop.org/mailman/listinfo/dbus
 }}}

 We're waiting on changes by Thomas in BLFS (he's gone until Sunday
 Evening) for elogind systems. I don't feel comfortable doing this update
 until after he returns.

 I'll get this done Sunday night.

--
Ticket URL: <http://wiki.linuxfromscratch.org/lfs/ticket/4682>
LFS Trac <http://wiki.linuxfromscratch.org/lfs/>
Linux From Scratch: Your Distro, Your Rules.
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to