diff options
author | Simon McVittie <smcv@collabora.com> | 2022-10-05 10:26:35 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2022-10-05 10:26:35 +0100 |
commit | 0ba4ba3d64d101b70bc9c6349813a4182c0f2a4d (patch) | |
tree | feb9c7926a32a4786371fb23868590130cbfbaae /NEWS | |
parent | bef693f442d854505e7013fd31efe41747d7493c (diff) | |
download | dbus-0ba4ba3d64d101b70bc9c6349813a4182c0f2a4d.tar.gz |
Update NEWS
Signed-off-by: Simon McVittie <smcv@collabora.com>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -23,6 +23,30 @@ Behaviour changes: directory, with the chroot or container. (dbus#416, Simon McVittie) +Denial of service fixes: + +Evgeny Vereshchagin discovered several ways in which an authenticated +local attacker could cause a crash (denial of service) in +dbus-daemon --system or a custom DBusServer. In uncommon configurations +these could potentially be carried out by an authenticated remote attacker. + +• An invalid array of fixed-length elements where the length of the array + is not a multiple of the length of the element would cause an assertion + failure in debug builds or an out-of-bounds read in production builds. + This was a regression in version 1.3.0. + (dbus#413, CVE-2022-42011; Simon McVittie) + +• A syntactically invalid type signature with incorrectly nested parentheses + and curly brackets would cause an assertion failure in debug builds. + Similar messages could potentially result in a crash or incorrect message + processing in a production build, although we are not aware of a practical + example. (dbus#418, CVE-2022-42010; Simon McVittie) + +• A message in non-native endianness with out-of-band Unix file descriptors + would cause a use-after-free and possible memory corruption in production + builds, or an assertion failure in debug builds. This was a regression in + version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie) + dbus 1.15.0 (2022-09-22) ======================== |