CVE-2014-3635 to CVE-2014-3639
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=175
This commit is contained in:
parent dea13aa463
commit d34837aea2
@ -1,3 +1,49 @@
-------------------------------------------------------------------
Tue Sep 16 16:21:06 UTC 2014 - fstrba@suse.com

- Update to 1.8.8:
+ Security fixes:
- Do not accept an extra fd in the padding of a cmsg message,
which could lead to a 4-byte heap buffer overrun. (CVE-2014-3635,
fdo#83622, bnc#896453; Simon McVittie)
- Reduce default for maximum Unix file descriptors passed per
message from 1024 to 16, preventing a uid with the default maximum
number of connections from exhausting the system bus' file
descriptors under Linux's default rlimit. Distributors or system
administrators with a more restrictive fd limit may wish to reduce
these limits further.
Additionally, on Linux this prevents a second denial of service
in which the dbus-daemon can be made to exceed the maximum number
of fds per sendmsg() and disconnect the process that would have
received them. (CVE-2014-3636, fdo#82820, bnc#896453; Alban Crequy)
- Disconnect connections that still have a fd pending unmarshalling
after a new configurable limit, pending_fd_timeout (defaulting to
150 seconds), removing the possibility of creating an abusive
connection that cannot be disconnected by setting up a circular
reference to a connection's file descriptor. (CVE-2014-3637,
fdo#80559, bnc#896453; Alban Crequy)
- Reduce default for maximum pending replies per connection from
8192 to 128, mitigating an algorithmic complexity
denial-of-service attack (CVE-2014-3638, fdo#81053, bnc#896453;
Alban Crequy)
- Reduce default for authentication timeout on the system bus from
30 seconds to 5 seconds, avoiding denial of service by using up
all unauthenticated connection slots; and when all unauthenticated
connection slots are used up, make new connection attempts block
instead of disconnecting them. (CVE-2014-3639, fdo#80919,
bnc#896453; Alban Crequy)
+ Other fixes:
- Check for libsystemd from systemd >= 209, falling back to the
older separate libraries if not found (Umut Tezduyar Lindskog,
Simon McVittie)
- On Linux, use prctl() to disable core dumps from a test executable
that deliberately raises SIGSEGV to test dbus-daemon's handling
of that condition (fdo#83772, Simon McVittie)
- Fix compilation with --enable-stats (fdo#81043, Gentoo #507232;
Alban Crequy)
- Improve documentation for running tests on Windows (fdo#41252,
Ralf Habacker)

-------------------------------------------------------------------
Sat Jul 19 00:30:57 UTC 2014 - crrodriguez@opensuse.org

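Review bot: the entry records four reduced upstream defaults (fds per message 1024 to 16, pending replies 8192 to 128, system bus auth timeout 30 s to 5 s, and the new pending_fd_timeout of 150 s), yet the only spec change in this commit is the Version bump; if the package installs its own bus configuration file or drop-in that sets any of these limits explicitly, the packaged value overrides the new upstream default and the CVE-2014-3636, CVE-2014-3638 and CVE-2014-3639 mitigations described here would not take effect on the system bus. Please confirm no packaged configuration pins the old values, and consider whether the changelog's own advice (sites with a tighter fd rlimit may need to lower the fd limits further) should be reflected in the package's default configuration rather than left to administrators.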
@ -16,7 +62,7 @@ Wed Jul 2 16:15:37 UTC 2014 - fstrba@suse.com

- Update to 1.8.6:
+ Security fixes:
- On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
- On Linux >= 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
silently drop the message. This prevents an attack in which
a malicious client can make dbus-daemon disconnect a system
service, which is a local denial of service.
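Review bot: the only change in this hunk is replacing the non-ASCII '≥' with '>=' in the already-released 1.8.6 entry, which keeps the .changes file plain ASCII; fine as a cosmetic edit. While touching it: this 1.8.6 ETOOMANYREFS item carries no CVE or bnc reference, unlike every item in the new 1.8.8 entry directly above, so if identifiers were assigned for it they should be added here for consistency rather than left implicit.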
@ -46,7 +46,7 @@ BuildRequires: pkgconfig(libsystemd-login)
BuildRequires: libexpat-devel
BuildRequires: libtool
BuildRequires: pkg-config
Version: 1.8.6
Version: 1.8.8
Release: 0
#
Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz
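Review bot: Source0 is still fetched over plain http:// and the hunk adds no detached signature source or checksum check for the new 1.8.8 tarball, so nothing in the spec itself verifies what is downloaded; given that this release is pulled in specifically for five CVE fixes, the tarball should at least be checked against upstream's published signature before acceptance, and Source0 should move to https:// if upstream serves the release that way. Release: 0 alongside the Version bump is correct.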
@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:eded83ca007b719f32761e60fd8b9ffd0f5796a4caf455b01b5a5ef740ebd23f
size 1861784
dbus-1.8.8.tar.gz
Normal file
@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dfab263649a979d0fff64a30cac374891a8e9940350e41f3bbd7679af32bd1fd
size 1864881
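Review bot: the integrity the build actually depends on is the sha256 oid in this pointer (dfab2636... for dbus-1.8.8.tar.gz, 1864881 bytes), since the spec's Source0 URL is not verified at build time; please state in the commit message or changelog how this digest was confirmed (upstream signature or published checksum) so a later reviewer can reproduce the check. The 1.8.6 pointer is removed in the same commit, so no stale tarball remains in the package.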
@ -1,3 +1,49 @@
-------------------------------------------------------------------
Tue Sep 16 16:21:06 UTC 2014 - fstrba@suse.com

- Update to 1.8.8:
+ Security fixes:
- Do not accept an extra fd in the padding of a cmsg message,
which could lead to a 4-byte heap buffer overrun. (CVE-2014-3635,
fdo#83622, bnc#896453; Simon McVittie)
- Reduce default for maximum Unix file descriptors passed per
message from 1024 to 16, preventing a uid with the default maximum
number of connections from exhausting the system bus' file
descriptors under Linux's default rlimit. Distributors or system
administrators with a more restrictive fd limit may wish to reduce
these limits further.
Additionally, on Linux this prevents a second denial of service
in which the dbus-daemon can be made to exceed the maximum number
of fds per sendmsg() and disconnect the process that would have
received them. (CVE-2014-3636, fdo#82820, bnc#896453; Alban Crequy)
- Disconnect connections that still have a fd pending unmarshalling
after a new configurable limit, pending_fd_timeout (defaulting to
150 seconds), removing the possibility of creating an abusive
connection that cannot be disconnected by setting up a circular
reference to a connection's file descriptor. (CVE-2014-3637,
fdo#80559, bnc#896453; Alban Crequy)
- Reduce default for maximum pending replies per connection from
8192 to 128, mitigating an algorithmic complexity
denial-of-service attack (CVE-2014-3638, fdo#81053, bnc#896453;
Alban Crequy)
- Reduce default for authentication timeout on the system bus from
30 seconds to 5 seconds, avoiding denial of service by using up
all unauthenticated connection slots; and when all unauthenticated
connection slots are used up, make new connection attempts block
instead of disconnecting them. (CVE-2014-3639, fdo#80919,
bnc#896453; Alban Crequy)
+ Other fixes:
- Check for libsystemd from systemd >= 209, falling back to the
older separate libraries if not found (Umut Tezduyar Lindskog,
Simon McVittie)
- On Linux, use prctl() to disable core dumps from a test executable
that deliberately raises SIGSEGV to test dbus-daemon's handling
of that condition (fdo#83772, Simon McVittie)
- Fix compilation with --enable-stats (fdo#81043, Gentoo #507232;
Alban Crequy)
- Improve documentation for running tests on Windows (fdo#41252,
Ralf Habacker)

-------------------------------------------------------------------
Sat Jul 19 00:30:57 UTC 2014 - crrodriguez@opensuse.org

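Review bot: this entry is a verbatim copy of the one in the first .changes file above (same hunk range -1,3 +1,49, same text), which is expected when two packages are built from the same source, but it doubles the maintenance surface: any later correction to the CVE text must be applied to both files, and the configuration-override concern raised on the first copy applies equally to the second spec bumped below. A diff between the two .changes files should be empty apart from package-specific items.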
@ -16,7 +62,7 @@ Wed Jul 2 16:15:37 UTC 2014 - fstrba@suse.com

- Update to 1.8.6:
+ Security fixes:
- On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
- On Linux >= 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
silently drop the message. This prevents an attack in which
a malicious client can make dbus-daemon disconnect a system
service, which is a local denial of service.
@ -40,7 +40,7 @@ BuildRequires: pkgconfig(libsystemd-login)
BuildRequires: libexpat-devel
BuildRequires: libtool
BuildRequires: pkg-config
Version: 1.8.6
Version: 1.8.8
Release: 0
#
Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz