diff options
| author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-02-05 15:43:54 +0000 |
|---|---|---|
| committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-02-05 15:43:54 +0000 |
| commit | 8ddb7c816f03753f244cce0e8bab4eda271566b6 (patch) | |
| tree | 44fb789d2e03955d7f4d482ba1583e255335e9e0 | |
| parent | f9697e04f1c9871cb54a99f087e97e4bb9e41e06 (diff) | |
1.6.30dbus-1.6.30
| -rw-r--r-- | NEWS | 14 | ||||
| -rw-r--r-- | configure.ac | 4 |
2 files changed, 14 insertions, 4 deletions
@@ -1,7 +1,17 @@ -D-Bus 1.6.30 (UNRELEASED) +D-Bus 1.6.30 (2015-02-09) == -... +Security fix backported from 1.8.16: + +• Do not allow non-uid-0 processes to send forged ActivationFailure + messages. On Linux systems with systemd activation, this would + allow a local denial of service: unprivileged processes could + flood the bus with these forged messages, winning the race with + the actual service activation and causing an error reply + to be sent back when service auto-activation was requested. + This does not prevent the real service from being started, + so the attack only works while the real service is not running. + (CVE-2015-0245, fd.o #88811; Simon McVittie) D-Bus 1.6.28 (2014-11-24) == diff --git a/configure.ac b/configure.ac index 022423ca..39aadd28 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [6]) -m4_define([dbus_micro_version], [29]) +m4_define([dbus_micro_version], [30]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -37,7 +37,7 @@ LT_CURRENT=10 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=11 +LT_REVISION=12 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has |