Format: 1.8 Date: Wed, 17 Sep 2014 10:16:51 -0400 Source: dbus Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev dbus-1-dbg Architecture: ppc64el Version: 1.6.18-0ubuntu4.2 Distribution: trusty Urgency: medium Maintainer: Ubuntu Build Daemon Changed-By: Marc Deslauriers Description: dbus - simple interprocess messaging system (daemon and utilities) dbus-1-dbg - simple interprocess messaging system (debug symbols) dbus-1-doc - simple interprocess messaging system (documentation) dbus-x11 - simple interprocess messaging system (X11 deps) libdbus-1-3 - simple interprocess messaging system (library) libdbus-1-dev - simple interprocess messaging system (development headers) Changes: dbus (1.6.18-0ubuntu4.2) trusty-security; urgency=medium . * SECURITY UPDATE: buffer overrun via odd max_message_unix_fds - debian/patches/CVE-2014-3635.patch: do not extra fds in cmsg padding in dbus/dbus-sysdeps-unix.c, allow using _DBUS_STATIC_ASSERT at a non-global scope in dbus/dbus-internals.h, dbus/dbus-macros.h. - CVE-2014-3635 * SECURITY UPDATE: denial of service via large number of fds - debian/patches/CVE-2014-3636.patch: reduce max number of fds in bus/config-parser.c, bus/session.conf.in, dbus/dbus-message.c, dbus/dbus-sysdeps.h. - CVE-2014-3636 * SECURITY UPDATE: denial of service via persistent file descriptiors - debian/patches/CVE-2014-3637.patch: add a timeout to expire pending fds in bus/bus.*, bus/config-parser.c, bus/connection.c, bus/session.conf.in, cmake/bus/dbus-daemon.xml, dbus/dbus-connection-internal.h, dbus/dbus-connection.c, dbus/dbus-message-internal.h, dbus/dbus-message-private.h, dbus/dbus-message.c, dbus/dbus-transport.*. - CVE-2014-3637 * SECURITY UPDATE: denial of service via large number of pending replies - debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection to 128 in bus/config-parser.c. - CVE-2014-3638 * SECURITY UPDATE: denial of service via incomplete connections - debian/patches/CVE-2014-3639.patch: reduce auth_timeout in bus/config-parser.c, stop listening on DBusServer sockets when reaching max_incomplete_connections in bus/bus.*, bus/connection.*, dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*. - CVE-2014-3639 Checksums-Sha1: fa975caa25cf1613a93354481d7ec07358492315 215996 dbus_1.6.18-0ubuntu4.2_ppc64el.deb c2b90668d71356ff1af9863cd0faedca72ce7c27 18728 dbus-x11_1.6.18-0ubuntu4.2_ppc64el.deb 6b711de4e166092f4f762b25415e1744cebadd41 125696 libdbus-1-3_1.6.18-0ubuntu4.2_ppc64el.deb 02dd2f89d688ec31a77318eb1d5bc902c93d1861 169032 libdbus-1-dev_1.6.18-0ubuntu4.2_ppc64el.deb 6b6808c3ff514dd61174a468d6f374a1d4a0463f 3652354 dbus-1-dbg_1.6.18-0ubuntu4.2_ppc64el.deb Checksums-Sha256: ee42377bb73c14c2b07d367401fce4ef32906e998aee129e7a860c4ee8a4605e 215996 dbus_1.6.18-0ubuntu4.2_ppc64el.deb 92e0071049eda8eb1db01bf8c92d3b9205137443c11417bbba0b86d54f71e723 18728 dbus-x11_1.6.18-0ubuntu4.2_ppc64el.deb 09866ff804f0f2915dc89ed187e296f48d011558cb32d2fad04709df31eb3143 125696 libdbus-1-3_1.6.18-0ubuntu4.2_ppc64el.deb 24da3c1986952bd11fbda6e1518345e49f8e96ea1f5e182d00cc9f131b138c88 169032 libdbus-1-dev_1.6.18-0ubuntu4.2_ppc64el.deb 9a5243c84d59d9828ad92e9dca52e1d944fac7511fb23c33d517babd1e42e60e 3652354 dbus-1-dbg_1.6.18-0ubuntu4.2_ppc64el.deb Files: 857dad2c3b01d5f859e4729b7ee14e26 215996 admin optional dbus_1.6.18-0ubuntu4.2_ppc64el.deb fc3446a81e06f7fdc20590b9f4521423 18728 x11 optional dbus-x11_1.6.18-0ubuntu4.2_ppc64el.deb 61a78bdd77c48fb6729b7be5a38845ec 125696 libs optional libdbus-1-3_1.6.18-0ubuntu4.2_ppc64el.deb d3b0fc66ef53e3f8b332a1ccb4cb5950 169032 libdevel optional libdbus-1-dev_1.6.18-0ubuntu4.2_ppc64el.deb f9e63d70be9002db1da5a72d1c1dd941 3652354 debug extra dbus-1-dbg_1.6.18-0ubuntu4.2_ppc64el.deb Original-Maintainer: Utopia Maintenance Team