UbuntuUpdates.org

Package "dbus-user-session"

Name: dbus-user-session

Description:

simple interprocess messaging system (systemd --user integration)

Latest version: 1.10.6-1ubuntu3.6
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: dbus
Homepage: http://dbus.freedesktop.org/

Links


Download "dbus-user-session"


Other versions of "dbus-user-session" in Xenial

Repository Area Version
base universe 1.10.6-1ubuntu3
security universe 1.10.6-1ubuntu3.6

Changelog

Version: 1.10.6-1ubuntu3.6 2020-06-16 18:06:43 UTC

  dbus (1.10.6-1ubuntu3.6) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds
      we did receive in dbus/dbus-sysdeps-unix.c.
    - debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file
      descriptors in test/fdpass.c.
    - CVE-2020-12049

 -- Marc Deslauriers <email address hidden> Thu, 11 Jun 2020 14:26:07 -0400

Source diff to previous version
CVE-2020-12049 An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exc

Version: 1.10.6-1ubuntu3.5 2019-12-09 10:07:37 UTC

  dbus (1.10.6-1ubuntu3.5) xenial; urgency=medium

  * Prevent logind from leaking session files (LP: #1846787). Fixed by
    upstream patches:
    - d/p/Only-read-one-message-at-a-time-if-there-are-fds-pen.patch
    - d/p/bus-Fix-timeout-restarts.patch
    - d/p/DBusMainLoop-ensure-all-required-timeouts-are-restar.patch

 -- Heitor Alves de Siqueira <email address hidden> Mon, 07 Oct 2019 08:29:04 -0300

Source diff to previous version
1846787 systemd-logind leaves leftover sessions and scope files

Version: 1.10.6-1ubuntu3.4 2019-06-11 19:06:18 UTC

  dbus (1.10.6-1ubuntu3.4) xenial-security; urgency=medium

  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

 -- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 14:06:01 -0400

Source diff to previous version
CVE-2019-12749 DBusServer DBUS_COOKIE_SHA1 authentication bypass

Version: 1.10.6-1ubuntu3.3 2017-01-17 17:06:38 UTC

  dbus (1.10.6-1ubuntu3.3) xenial; urgency=medium

  * debian/dbus.user-session.upstart:
    - Temporarily revert latest changes as those seem to cause issues in the
      unity8 session on touch (LP: #1654241).

 -- Ɓukasz 'sil2100' Zemczak <email address hidden> Thu, 12 Jan 2017 19:01:21 +0100

Source diff to previous version
1654241 system collapses when user presses 'next' in the wizard with dbus 1.10.6-1ubuntu3.2

Version: 1.10.6-1ubuntu3.1 2016-11-01 20:07:00 UTC

  dbus (1.10.6-1ubuntu3.1) xenial-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability (likely limited to uid 0 only)
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Wed, 12 Oct 2016 08:33:00 -0400




About   -   Send Feedback to @ubuntu_updates