[ANNOUNCE] dbus-broker v19

David Rheinsberg

Mar 28, 2019, 8:48:28 AM
to bus1-devel
Hi

I just tagged v19 of dbus-broker. This is a bugfix release with two
fixes to resource accounting, closing vulnerabilities where clients
could exceed their resource quotas. Furthermore, the release contains
some minor logging improvements and fixes compilation with other
standard libraries than glibc. All users are recommended to upgrade.

Please let us know of any issues.

https://github.com/bus1/dbus-broker/releases/tag/v19

## CHANGES WITH 19:

* Fix a possible integer overflow in resource quota calculations.
Before this, it was possible to exceed the assigned resource limits
by crafting messages that trigger this integer overflow. This
effectively allows machine-local resource exhaustion.

* Fix the resource limit calculation. Previously, resource limits were
incorrectly calculated, leading to limits that were higher than
intended.

Contributions from: David Herrmann, Tom Gundersen

- Tübingen, 2019-03-28
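
The first changelog entry describes an integer overflow in quota arithmetic. The following is an added illustration of that bug class, not code from dbus-broker or from this announcement: `struct quota`, `charge_wrapping` and `charge_checked` are hypothetical names, and the 32-bit counters and item-count-times-size cost model are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-client quota record; not dbus-broker's real structure. */
struct quota {
    uint32_t limit; /* maximum units the client may hold */
    uint32_t used;  /* units currently charged */
};

/* Flawed form: n_items * item_size and used + cost can both wrap modulo
 * 2^32, so an oversized request can look small and pass the check. */
static bool charge_wrapping(struct quota *q, uint32_t n_items, uint32_t item_size) {
    uint32_t cost = n_items * item_size;
    if (q->used + cost > q->limit)
        return false;
    q->used += cost;
    return true;
}

/* Hardened form: reject a wrapping multiplication (GCC/Clang builtin), then
 * compare the cost against the remaining budget so no addition can wrap. */
static bool charge_checked(struct quota *q, uint32_t n_items, uint32_t item_size) {
    uint32_t cost;
    if (q->used > q->limit)
        return false;
    if (__builtin_mul_overflow(n_items, item_size, &cost))
        return false;
    if (cost > q->limit - q->used)
        return false;
    q->used += cost;
    return true;
}

int main(void) {
    struct quota a = { .limit = 1024, .used = 0 };
    struct quota b = a;
    /* Constructed input: 0x10000 * 0x10000 = 2^32, which wraps to 0. */
    printf("wrapping: accepted=%d used=%u\n",
           charge_wrapping(&a, 0x10000, 0x10000), (unsigned)a.used);
    printf("checked:  accepted=%d used=%u\n",
           charge_checked(&b, 0x10000, 0x10000), (unsigned)b.used);
    return 0;
}
```

In the flawed form the request is accepted and accounted as zero units; the checked form refuses it and leaves the counter unchanged.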