[OE-core] [PATCH 0/1][fido][dizzy] dbus: Fix CVE-2015-0245
akuster808
akuster808 at gmail.com
Sun Jun 28 13:24:10 UTC 2015
merged to staging
thanks,
armin
On 06/24/2015 01:04 PM, Jussi Kukkonen wrote:
> This is for fido and possibly dizzy, not master.
>
> D-Bus 1.8.16 fixes CVE-2015-0245 "prevent forged ActivationFailure from
> non-root processes". This patch does not contain the same fix but a
> configuration change that upstream suggests as an easily backportable
> fix.
>
> The issue is only a local denial of service so not terribly dangerous,
> but should be worth fixing since the patch is not intrusive.
>
> I've only tested this on fido, so the [dizzy] is just a suggestion.
>
> Cheers, Jussi
>
>
>
> The following changes since commit eb4a134a60e3ac26a48379675ad6346a44010339:
>
> scripts/combo-layer: Fix exit codes and tty handling (2015-06-11 15:00:20 +0100)
>
> are available in the git repository at:
>
> git://git.yoctoproject.org/poky-contrib jku/dbus-fix-for-fido
> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=jku/dbus-fix-for-fido
>
> Jussi Kukkonen (1):
> dbus: CVE-2015-0245: prevent forged ActivationFailure
>
> meta/recipes-core/dbus/dbus.inc | 1 +
> ...015-0245-prevent-forged-ActivationFailure.patch | 48 ++++++++++++++++++++++
> 2 files changed, 49 insertions(+)
> create mode 100644 meta/recipes-core/dbus/dbus/CVE-2015-0245-prevent-forged-ActivationFailure.patch
>