path: root/configs/orangepi_one_plus_defconfig
diff options
authorGravatar Peter Korsgaard <peter@korsgaard.com>2019-06-12 23:40:30 +0200
committerGravatar Peter Korsgaard <peter@korsgaard.com>2019-06-13 21:12:11 +0200
commit992b106d1de70b2bf1ad6a2211b937f5534b2c8a (patch)
tree82adad598409b65f79293566a7fd2af40066929a /configs/orangepi_one_plus_defconfig
parentb04f1deab3ddf57db63490cdc5532fc7d448483e (diff)
package/dbus: security bump to version 1.12.16
Fixes the following security issues: - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 authentication for identities that differ from the user running the DBusServer. Previously, a local attacker could manipulate symbolic links in their own home directory to bypass authentication and connect to a DBusServer with elevated privileges. The standard system and session dbus-daemons in their default configuration were immune to this attack because they did not allow DBUS_COOKIE_SHA1, but third-party users of DBusServer such as Upstart could be vulnerable. Thanks to Joe Vennix of Apple Information Security. For details, see the advisory: https://www.openwall.com/lists/oss-security/2019/06/11/2 Also contains a number of other smaller fixes, including fixes for memory leaks. For details, see NEWS: https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'configs/orangepi_one_plus_defconfig')
0 files changed, 0 insertions, 0 deletions