Fedora alert FEDORA-2014-8059 (dbus)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 20 Update: dbus-1.6.12-9.fc20 | |
| Date: | Tue, 08 Jul 2014 01:04:40 +0000 | |
| Message-ID: | <20140708010440.36C6A23F58@bastion01.phx2.fedoraproject.org> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-8059 2014-07-03 23:38:27 -------------------------------------------------------------------------------- Name : dbus Product : Fedora 20 Version : 1.6.12 Release : 9.fc20 URL : http://www.freedesktop.org/software/dbus/ Summary : D-BUS message bus Description : D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. -------------------------------------------------------------------------------- Update Information: - Backport patches from dbus-1.6 - Fixes CVE-2014-3477 (fd.o#78979) - Fixes CVE-2014-3532 (fd.o#80163) - Fixes CVE-2014-3533 (fd.o#80469) - Resolves #1115636 -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 2 2014 Colin Walters <walters@redhat.com> - 1:1.6.12-9 - Backport patches from dbus-1.6 - Fixes CVE-2014-3477 (fd.o#78979) - Fixes CVE-2014-3532 (fd.o#80163) - Fixes CVE-2014-3533 (fd.o#80469) - Resolves #1115636 * Thu Dec 26 2013 Dan HorĂ¡k <dan[at]danny.cz> - 1:1.6.12-8 - valgrind is available only on selected arches * Fri Dec 20 2013 Colin Walters <walters@redhat.com> - 1:1.6.12-7 - Disable -Werror for now; the alignment code is right, but I do not want to adjust the code right now to fix the warning. Just get a build going with the previous code to Resolves: #1044726 * Wed Dec 18 2013 Colin Walters <walters@redhat.com> - 1:1.6.12-6 - BR valgrind; was probably not intended to be a dependency by default, but there's really no reason why not to use it. * Mon Nov 11 2013 Dan Williams <dcbw@redhat.com> - 1:1.6.12-5 - Fix infinite loop in _dbus_babysitter_unref() (fdo#68945) (rh#1016446) * Wed Jul 24 2013 Colin Walters <walters@verbum.org> - 1:1.6.12-4 - Add patch to fix test-marshal on s390. * Thu Jul 18 2013 Colin Walters <walters@verbum.org> - 1:1.6.12-3 - Find all logs automake has hidden and cat them for visibility into the mock logs. * Thu Jul 18 2013 Colin Walters <walters@verbum.org> - 1:1.6.12-2 - Enable all upstream tests Resolves: #955532 This is fairly hacky; a much better replacement would be something like the InstalledTests system. But we have to live with rpm and stuff for now... -------------------------------------------------------------------------------- References: [ 1 ] Bug #1114414 - CVE-2014-3532 dbus: denial of service in file descriptor passing feature https://bugzilla.redhat.com/show_bug.cgi?id=1114414 [ 2 ] Bug #1114416 - CVE-2014-3533 dbus: denial of service when forwarding invalid file descriptors https://bugzilla.redhat.com/show_bug.cgi?id=1114416 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update dbus' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...