diff options
| author | Simon McVittie <smcv@collabora.com> | 2022-10-02 15:18:37 +0100 |
|---|---|---|
| committer | Simon McVittie <smcv@collabora.com> | 2022-10-05 10:42:05 +0100 |
| commit | 32e7655568f5002a0637f63715d87f580f82000f (patch) | |
| tree | d416e0cb1ecbdc833f689ad37d3e76300beecee3 | |
| parent | 71dd3ad20cf8aca3310fa8d533801fb1d8bdaf1a (diff) | |
Update NEWS
Signed-off-by: Simon McVittie <smcv@collabora.com>
| -rw-r--r-- | NEWS | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -23,6 +23,30 @@ Behaviour changes: directory, with the chroot or container. (dbus#416, Simon McVittie) +Denial of service fixes: + +Evgeny Vereshchagin discovered several ways in which an authenticated +local attacker could cause a crash (denial of service) in +dbus-daemon --system or a custom DBusServer. In uncommon configurations +these could potentially be carried out by an authenticated remote attacker. + +• An invalid array of fixed-length elements where the length of the array + is not a multiple of the length of the element would cause an assertion + failure in debug builds or an out-of-bounds read in production builds. + This was a regression in version 1.3.0. + (dbus#413, CVE-2022-42011; Simon McVittie) + +• A syntactically invalid type signature with incorrectly nested parentheses + and curly brackets would cause an assertion failure in debug builds. + Similar messages could potentially result in a crash or incorrect message + processing in a production build, although we are not aware of a practical + example. (dbus#418, CVE-2022-42010; Simon McVittie) + +• A message in non-native endianness with out-of-band Unix file descriptors + would cause a use-after-free and possible memory corruption in production + builds, or an assertion failure in debug builds. This was a regression in + version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie) + dbus 1.14.2 (2022-09-26) ======================== |