[ubuntu/trusty-security] dbus 1.6.18-0ubuntu4.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Nov 27 15:25:12 UTC 2014

dbus (1.6.18-0ubuntu4.3) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
      activated services in bus/activation.c, bus/bus.*,
      dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
    - debian/dbus.init: don't launch daemon as a user so the rlimit can be
    - CVE-2014-7824
  * SECURITY REGRESSION: authentication timeout on certain slower systems
    - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
      back up to 30 secs in bus/config-parser.c, add a warning to
    - CVE-2014-3639

Date: 2014-11-25 20:27:25.663031+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list