[OE-core] [PATCH 0/1][fido][dizzy] dbus: Fix CVE-2015-0245
Jussi Kukkonen
jussi.kukkonen at intel.com
Wed Jun 24 20:04:57 UTC 2015
This is for fido and possibly dizzy, not master.
D-Bus 1.8.16 fixes CVE-2015-0245 "prevent forged ActivationFailure from
non-root processes". This patch does not contain the same fix but a
configuration change that upstream suggests as a easily backportable
fix.
The issue is only a local denial of service so not terribly dangerous,
but should be worth fixing since the patch is not intrusive.
I've only tested this on fido, so the [dizzy] is just a suggestion.
Cheers, Jussi
The following changes since commit eb4a134a60e3ac26a48379675ad6346a44010339:
scripts/combo-layer: Fix exit codes and tty handling (2015-06-11 15:00:20 +0100)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib jku/dbus-fix-for-fido
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=jku/dbus-fix-for-fido
Jussi Kukkonen (1):
dbus: CVE-2015-0245: prevent forged ActivationFailure
meta/recipes-core/dbus/dbus.inc | 1 +
...015-0245-prevent-forged-ActivationFailure.patch | 48 ++++++++++++++++++++++
2 files changed, 49 insertions(+)
create mode 100644 meta/recipes-core/dbus/dbus/CVE-2015-0245-prevent-forged-ActivationFailure.patch
--
2.1.4
More information about the Openembedded-core
mailing list