[ubuntu/trusty-security] dbus 1.6.18-0ubuntu4.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Nov 27 15:25:12 UTC 2014


dbus (1.6.18-0ubuntu4.3) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
      activated services in bus/activation.c, bus/bus.*,
      dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
      dbus/dbus-sysdeps.h.
    - debian/dbus.init: don't launch daemon as a user so the rlimit can be
      raised.
    - CVE-2014-7824
  * SECURITY REGRESSION: authentication timeout on certain slower systems
    - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
      back up to 30 secs in bus/config-parser.c, add a warning to
      bus/connection.c.
    - CVE-2014-3639

Date: 2014-11-25 20:27:25.663031+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/dbus/1.6.18-0ubuntu4.3
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list