dbus 1.6.18-0ubuntu4.2 source package in Ubuntu
Changelog
dbus (1.6.18-0ubuntu4.2) trusty-security; urgency=medium
* SECURITY UPDATE: buffer overrun via odd max_message_unix_fds
- debian/patches/CVE-2014-3635.patch: do not extra fds in cmsg padding
in dbus/dbus-sysdeps-unix.c, allow using _DBUS_STATIC_ASSERT at a
non-global scope in dbus/dbus-internals.h, dbus/dbus-macros.h.
- CVE-2014-3635
* SECURITY UPDATE: denial of service via large number of fds
- debian/patches/CVE-2014-3636.patch: reduce max number of fds in
bus/config-parser.c, bus/session.conf.in, dbus/dbus-message.c,
dbus/dbus-sysdeps.h.
- CVE-2014-3636
* SECURITY UPDATE: denial of service via persistent file descriptiors
- debian/patches/CVE-2014-3637.patch: add a timeout to expire pending
fds in bus/bus.*, bus/config-parser.c, bus/connection.c,
bus/session.conf.in, cmake/bus/dbus-daemon.xml,
dbus/dbus-connection-internal.h, dbus/dbus-connection.c,
dbus/dbus-message-internal.h, dbus/dbus-message-private.h,
dbus/dbus-message.c, dbus/dbus-transport.*.
- CVE-2014-3637
* SECURITY UPDATE: denial of service via large number of pending replies
- debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection
to 128 in bus/config-parser.c.
- CVE-2014-3638
* SECURITY UPDATE: denial of service via incomplete connections
- debian/patches/CVE-2014-3639.patch: reduce auth_timeout in
bus/config-parser.c, stop listening on DBusServer sockets when
reaching max_incomplete_connections in bus/bus.*, bus/connection.*,
dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*.
- CVE-2014-3639
-- Marc Deslauriers <email address hidden> Wed, 17 Sep 2014 10:16:51 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Trusty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| dbus_1.6.18.orig.tar.gz | 1.8 MiB | 7085a0895a9eb11a952394cdbea6d8b4358e17cb991fed0e8fb85e2b9e686dcd |
| dbus_1.6.18-0ubuntu4.2.debian.tar.gz | 76.0 KiB | 98f9ce8fec08cb2b92c1c53a645aa60a9fec19a5e02b46b69234f6e8c912f608 |
| dbus_1.6.18-0ubuntu4.2.dsc | 2.6 KiB | 453dfb37c49a2c27f6a36985a228519fe22006ca48893e4d190b611d4b71e512 |
Available diffs
Binary packages built by this source
- dbus: simple interprocess messaging system (daemon and utilities)
D-Bus is a message bus, used for sending messages between applications.
Conceptually, it fits somewhere in between raw sockets and CORBA in
terms of complexity.
.
D-Bus supports broadcast messages, asynchronous messages (thus
decreasing latency), authentication, and more. It is designed to be
low-overhead; messages are sent using a binary protocol, not using
XML. D-Bus also supports a method call mapping for its messages, but
it is not required; this makes using the system quite simple.
.
It comes with several bindings, including GLib, Python, Qt and Java.
.
This package contains the D-Bus daemon and related utilities.
.
The client-side library can be found in the libdbus-1-3 package, as it is no
longer contained in this package.
- dbus-1-dbg: simple interprocess messaging system (debug symbols)
D-Bus is a message bus, used for sending messages between applications.
Conceptually, it fits somewhere in between raw sockets and CORBA in
terms of complexity.
.
This package provides support for debugging programs that use the core
D-Bus shared library.
.
See the dbus package description for more information about D-Bus in general.
- dbus-1-doc: simple interprocess messaging system (documentation)
D-Bus is a message bus, used for sending messages between applications.
Conceptually, it fits somewhere in between raw sockets and CORBA in
terms of complexity.
.
This package contains the API documentation for D-Bus, as well as
the protocol specification.
.
See the dbus description for more information about D-Bus in general.
- dbus-x11: simple interprocess messaging system (X11 deps)
D-Bus is a message bus, used for sending messages between applications.
Conceptually, it fits somewhere in between raw sockets and CORBA in
terms of complexity.
.
This package contains the dbus-launch utility which is necessary for
packages using a D-Bus session bus.
.
See the dbus description for more information about D-Bus in general.
- libdbus-1-3: simple interprocess messaging system (library)
D-Bus is a message bus, used for sending messages between applications.
Conceptually, it fits somewhere in between raw sockets and CORBA in
terms of complexity.
.
D-Bus supports broadcast messages, asynchronous messages (thus
decreasing latency), authentication, and more. It is designed to be
low-overhead; messages are sent using a binary protocol, not using
XML. D-Bus also supports a method call mapping for its messages, but
it is not required; this makes using the system quite simple.
.
It comes with several bindings, including GLib, Python, Qt and Java.
.
The daemon can be found in the dbus package.
- libdbus-1-dev: simple interprocess messaging system (development headers)
D-Bus is a message bus, used for sending messages between applications.
Conceptually, it fits somewhere in between raw sockets and CORBA in
terms of complexity.
.
See the dbus description for more information about D-Bus in general.
