Format: 1.8
Date: Wed, 17 Sep 2014 11:21:20 -0400
Source: dbus
Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev dbus-1-dbg
Architecture: i386 all
Version: 1.4.18-1ubuntu1.6
Distribution: precise
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 dbus - simple interprocess messaging system (daemon and utilities)
 dbus-1-dbg - simple interprocess messaging system (debug symbols)
 dbus-1-doc - simple interprocess messaging system (documentation)
 dbus-x11 - simple interprocess messaging system (X11 deps)
 libdbus-1-3 - simple interprocess messaging system (library)
 libdbus-1-dev - simple interprocess messaging system (development headers)
Changes:
 dbus (1.4.18-1ubuntu1.6) precise-security; urgency=medium
 .
   * SECURITY UPDATE: buffer overrun via odd max_message_unix_fds
     - debian/patches/CVE-2014-3635.patch: do not extra fds in cmsg
       padding in dbus/dbus-sysdeps-unix.c, allow using
       _DBUS_STATIC_ASSERT at a non-global scope in
       dbus/dbus-internals.h, dbus/dbus-macros.h.
     - CVE-2014-3635
   * SECURITY UPDATE: denial of service via large number of fds
     - debian/patches/CVE-2014-3636.patch: reduce max number of fds in
       bus/config-parser.c, bus/session.conf.in, dbus/dbus-message.c,
       dbus/dbus-sysdeps.h.
     - CVE-2014-3636
   * SECURITY UPDATE: denial of service via persistent file descriptors
     - debian/patches/CVE-2014-3637.patch: add a timeout to expire
       pending fds in bus/bus.*, bus/config-parser.c, bus/connection.c,
       bus/session.conf.in, cmake/bus/dbus-daemon.xml,
       dbus/dbus-connection-internal.h, dbus/dbus-connection.c,
       dbus/dbus-message-internal.h, dbus/dbus-message-private.h,
       dbus/dbus-message.c, dbus/dbus-transport.*.
     - CVE-2014-3637
   * SECURITY UPDATE: denial of service via large number of pending
     replies
     - debian/patches/CVE-2014-3638.patch: reduce
       max_replies_per_connection to 128 in bus/config-parser.c.
     - CVE-2014-3638
   * SECURITY UPDATE: denial of service via incomplete connections
     - debian/patches/CVE-2014-3639.patch: reduce auth_timeout in
       bus/config-parser.c, stop listening on DBusServer sockets when
       reaching max_incomplete_connections in bus/bus.*,
       bus/connection.*, dbus/dbus-server-protected.h,
       dbus/dbus-server.c, dbus/dbus-watch.*.
     - CVE-2014-3639
Original-Maintainer: Utopia Maintenance Team