CVE-2014-3532 CVE-2014-3533 bnc#885241 fdo#80163 fdo#79694 fd0#80469
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=169
This commit is contained in:
parent
95d13f471b
commit
34d40b000c
@ -1,3 +1,24 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 2 16:15:37 UTC 2014 - fstrba@suse.com
|
||||
|
||||
- Update to 1.8.6:
|
||||
+ Security fixes:
|
||||
- On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
|
||||
silently drop the message. This prevents an attack in which
|
||||
a malicious client can make dbus-daemon disconnect a system
|
||||
service, which is a local denial of service.
|
||||
(bnc#885241 fdo#80163, CVE-2014-3532; Alban Crequy)
|
||||
- Track remaining Unix file descriptors correctly when more
|
||||
than one message in quick succession contains fds. This
|
||||
prevents another attack in which a malicious client can make
|
||||
dbus-daemon disconnect a system service.
|
||||
(bnc#885241 fdo#79694, fd0#80469, CVE-2014-3533; Alejandro
|
||||
Martínez Suárez, Simon McVittie, Alban Crequy)
|
||||
+ Other fixes:
|
||||
- When dbus-launch --exit-with-session starts a dbus-daemon but
|
||||
then cannot attach to a session, kill the dbus-daemon as
|
||||
intended (fdo#74698, Роман Донченко)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 11 04:58:38 UTC 2014 - fstrba@suse.com
|
||||
|
||||
|
@ -46,7 +46,7 @@ BuildRequires: pkgconfig(libsystemd-login)
|
||||
BuildRequires: libexpat-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pkg-config
|
||||
Version: 1.8.4
|
||||
Version: 1.8.6
|
||||
Release: 0
|
||||
#
|
||||
Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:3ef63dc8d0111042071ee7f7bafa0650c6ce2d7be957ef0b7ec269495a651ff8
|
||||
size 1860286
|
3
dbus-1.8.6.tar.gz
Normal file
3
dbus-1.8.6.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:eded83ca007b719f32761e60fd8b9ffd0f5796a4caf455b01b5a5ef740ebd23f
|
||||
size 1861784
|
@ -1,3 +1,24 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 2 16:15:37 UTC 2014 - fstrba@suse.com
|
||||
|
||||
- Update to 1.8.6:
|
||||
+ Security fixes:
|
||||
- On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
|
||||
silently drop the message. This prevents an attack in which
|
||||
a malicious client can make dbus-daemon disconnect a system
|
||||
service, which is a local denial of service.
|
||||
(bnc#885241 fdo#80163, CVE-2014-3532; Alban Crequy)
|
||||
- Track remaining Unix file descriptors correctly when more
|
||||
than one message in quick succession contains fds. This
|
||||
prevents another attack in which a malicious client can make
|
||||
dbus-daemon disconnect a system service.
|
||||
(bnc#885241 fdo#79694, fd0#80469, CVE-2014-3533; Alejandro
|
||||
Martínez Suárez, Simon McVittie, Alban Crequy)
|
||||
+ Other fixes:
|
||||
- When dbus-launch --exit-with-session starts a dbus-daemon but
|
||||
then cannot attach to a session, kill the dbus-daemon as
|
||||
intended (fdo#74698, Роман Донченко)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 11 04:58:38 UTC 2014 - fstrba@suse.com
|
||||
|
||||
|
@ -40,7 +40,7 @@ BuildRequires: pkgconfig(libsystemd-login)
|
||||
BuildRequires: libexpat-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pkg-config
|
||||
Version: 1.8.4
|
||||
Version: 1.8.6
|
||||
Release: 0
|
||||
#
|
||||
Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz
|
||||
|
Loading…
Reference in New Issue
Block a user