Format: 1.8
Date: Wed, 17 Sep 2014 10:16:51 -0400
Source: dbus
Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev dbus-1-dbg
Architecture: i386 all
Version: 1.6.18-0ubuntu4.2
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 dbus - simple interprocess messaging system (daemon and utilities)
 dbus-1-dbg - simple interprocess messaging system (debug symbols)
 dbus-1-doc - simple interprocess messaging system (documentation)
 dbus-x11 - simple interprocess messaging system (X11 deps)
 libdbus-1-3 - simple interprocess messaging system (library)
 libdbus-1-dev - simple interprocess messaging system (development headers)
Changes:
 dbus (1.6.18-0ubuntu4.2) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: buffer overrun via odd max_message_unix_fds
     - debian/patches/CVE-2014-3635.patch: do not extra fds in cmsg padding
       in dbus/dbus-sysdeps-unix.c, allow using _DBUS_STATIC_ASSERT at a
       non-global scope in dbus/dbus-internals.h, dbus/dbus-macros.h.
     - CVE-2014-3635
   * SECURITY UPDATE: denial of service via large number of fds
     - debian/patches/CVE-2014-3636.patch: reduce max number of fds in
       bus/config-parser.c, bus/session.conf.in, dbus/dbus-message.c,
       dbus/dbus-sysdeps.h.
     - CVE-2014-3636
   * SECURITY UPDATE: denial of service via persistent file descriptors
     - debian/patches/CVE-2014-3637.patch: add a timeout to expire pending
       fds in bus/bus.*, bus/config-parser.c, bus/connection.c,
       bus/session.conf.in, cmake/bus/dbus-daemon.xml,
       dbus/dbus-connection-internal.h, dbus/dbus-connection.c,
       dbus/dbus-message-internal.h, dbus/dbus-message-private.h,
       dbus/dbus-message.c, dbus/dbus-transport.*.
     - CVE-2014-3637
   * SECURITY UPDATE: denial of service via large number of pending replies
     - debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection
       to 128 in bus/config-parser.c.
     - CVE-2014-3638
   * SECURITY UPDATE: denial of service via incomplete connections
     - debian/patches/CVE-2014-3639.patch: reduce auth_timeout in
       bus/config-parser.c, stop listening on DBusServer sockets when
       reaching max_incomplete_connections in bus/bus.*, bus/connection.*,
       dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*.
     - CVE-2014-3639
Original-Maintainer: Utopia Maintenance Team