summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon McVittie <simon.mcvittie@collabora.co.uk>2014-09-15 19:37:47 +0100
committerSimon McVittie <simon.mcvittie@collabora.co.uk>2014-09-15 19:37:47 +0100
commite1d20aacab56afd8795b8d7403f81c87353cc658 (patch)
treead39961d6913f2e4f6de38799f96617a3db75b44
parent94b8d5e7a85bfb6c9a92b8e22e382b2e0ded2b59 (diff)
1.6.24 security release for tomorrowdbus-1.6.24
-rw-r--r--NEWS40
-rw-r--r--configure.ac4
2 files changed, 40 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index e8c390f8..9b4cccd7 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,43 @@
-D-Bus 1.6.24 (UNRELEASED)
+D-Bus 1.6.24 (2014-09-16)
==
-...
+The "least civilized in the entire galaxy" release.
+
+Security fixes backported from 1.8.8:
+
+• Do not accept an extra fd in the padding of a cmsg message, which
+ could lead to a 4-byte heap buffer overrun.
+ (CVE-2014-3635, fd.o #83622; Simon McVittie)
+
+• Reduce default for maximum Unix file descriptors passed per message
+ from 1024 to 16, preventing a uid with the default maximum number of
+ connections from exhausting the system bus' file descriptors under
+ Linux's default rlimit. Distributors or system administrators with a
+ more restrictive fd limit may wish to reduce these limits further.
+
+ Additionally, on Linux this prevents a second denial of service
+ in which the dbus-daemon can be made to exceed the maximum number
+ of fds per sendmsg() and disconnect the process that would have
+ received them.
+ (CVE-2014-3636, fd.o #82820; Alban Crequy)
+
+• Disconnect connections that still have a fd pending unmarshalling after
+ a new configurable limit, pending_fd_timeout (defaulting to 150 seconds),
+ removing the possibility of creating an abusive connection that cannot be
+ disconnected by setting up a circular reference to a connection's
+ file descriptor.
+ (CVE-2014-3637, fd.o #80559; Alban Crequy)
+
+• Reduce default for maximum pending replies per connection from 8192 to 128,
+ mitigating an algorithmic complexity denial-of-service attack
+ (CVE-2014-3638, fd.o #81053; Alban Crequy)
+
+• Reduce default for authentication timeout on the system bus from
+ 30 seconds to 5 seconds, avoiding denial of service by using up
+ all unauthenticated connection slots; and when all unauthenticated
+ connection slots are used up, make new connection attempts block
+ instead of disconnecting them.
+ (CVE-2014-3639, fd.o #80919; Alban Crequy)
D-Bus 1.6.22 (2014-06-02)
==
diff --git a/configure.ac b/configure.ac
index ad9c843f..f896672a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ AC_PREREQ([2.63])
m4_define([dbus_major_version], [1])
m4_define([dbus_minor_version], [6])
-m4_define([dbus_micro_version], [23])
+m4_define([dbus_micro_version], [24])
m4_define([dbus_version],
[dbus_major_version.dbus_minor_version.dbus_micro_version])
AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
@@ -37,7 +37,7 @@ LT_CURRENT=10
## increment any time the source changes; set to
## 0 if you increment CURRENT
-LT_REVISION=8
+LT_REVISION=9
## increment if any interfaces have been added; set to 0
## if any interfaces have been changed or removed. removal has