From: Simon McVittie Date: Wed, 5 Oct 2022 09:26:35 +0000 (+0100) Subject: Update NEWS X-Git-Tag: dbus-1.15.2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ba4ba3d64d101b70bc9c6349813a4182c0f2a4d;p=thirdparty%2Fdbus.git Update NEWS Signed-off-by: Simon McVittie --- diff --git a/NEWS b/NEWS index ec183183e..28137caa6 100644 --- a/NEWS +++ b/NEWS @@ -23,6 +23,30 @@ Behaviour changes: directory, with the chroot or container. (dbus#416, Simon McVittie) +Denial of service fixes: + +Evgeny Vereshchagin discovered several ways in which an authenticated +local attacker could cause a crash (denial of service) in +dbus-daemon --system or a custom DBusServer. In uncommon configurations +these could potentially be carried out by an authenticated remote attacker. + +• An invalid array of fixed-length elements where the length of the array + is not a multiple of the length of the element would cause an assertion + failure in debug builds or an out-of-bounds read in production builds. + This was a regression in version 1.3.0. + (dbus#413, CVE-2022-42011; Simon McVittie) + +• A syntactically invalid type signature with incorrectly nested parentheses + and curly brackets would cause an assertion failure in debug builds. + Similar messages could potentially result in a crash or incorrect message + processing in a production build, although we are not aware of a practical + example. (dbus#418, CVE-2022-42010; Simon McVittie) + +• A message in non-native endianness with out-of-band Unix file descriptors + would cause a use-after-free and possible memory corruption in production + builds, or an assertion failure in debug builds. This was a regression in + version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie) + dbus 1.15.0 (2022-09-22) ========================