directory, with the chroot or container.
(dbus#416, Simon McVittie)
+Denial of service fixes:
+
+Evgeny Vereshchagin discovered several ways in which an authenticated
+local attacker could cause a crash (denial of service) in
+dbus-daemon --system or a custom DBusServer. In uncommon configurations
+these could potentially be carried out by an authenticated remote attacker.
+
+• An invalid array of fixed-length elements where the length of the array
+ is not a multiple of the length of the element would cause an assertion
+ failure in debug builds or an out-of-bounds read in production builds.
+ This was a regression in version 1.3.0.
+ (dbus#413, CVE-2022-42011; Simon McVittie)
+
+• A syntactically invalid type signature with incorrectly nested parentheses
+ and curly brackets would cause an assertion failure in debug builds.
+ Similar messages could potentially result in a crash or incorrect message
+ processing in a production build, although we are not aware of a practical
+ example. (dbus#418, CVE-2022-42010; Simon McVittie)
+
+• A message in non-native endianness with out-of-band Unix file descriptors
+ would cause a use-after-free and possible memory corruption in production
+ builds, or an assertion failure in debug builds. This was a regression in
+ version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
+
dbus 1.14.2 (2022-09-26)
========================
projects / thirdparty / dbus.git / commitdiff
