dbus_1.6.8-1+deb7u6_amd64.deb


Advertisement

Description

dbus - simple interprocess messaging system (daemon and utilities)

Property Value
Distribution Debian 7 (Wheezy)
Repository Debian Security Updates Main amd64
Package name dbus
Package version 1.6.8
Package release 1+deb7u6
Package architecture amd64
Package type deb
Installed size 948 B
Download size 394.19 KB
Official Mirror ftp.br.debian.org
Description -

Alternatives

Package Version Architecture Repository
dbus_1.6.8-1+deb7u6_i386.deb 1.6.8 i386 Debian Security Updates Main
dbus_1.6.8-1+deb7u6_amd64.deb 1.6.8 amd64 Debian Main
dbus_1.6.8-1+deb7u6_i386.deb 1.6.8 i386 Debian Main
dbus - - -

Requires

Name Value
adduser -
libc6 >= 2.10
libdbus-1-3 >= 1.0.2
libexpat1 >= 2.0.1
libselinux1 >= 1.32
libsystemd-login0 >= 31
lsb-base >= 3.2-14

Download

Type URL
Binary Package dbus_1.6.8-1+deb7u6_amd64.deb
Source Package dbus

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install dbus deb package:
    # sudo apt-get install dbus

Changelog

2015-02-05 - Simon McVittie <smcv@debian.org>
dbus (1.6.8-1+deb7u6) wheezy-security; urgency=high
* Add patch for system.conf to fix a local denial of service when
using systemd activation (CVE-2015-0245)
2014-11-24 - Simon McVittie <smcv@debian.org>
dbus (1.6.8-1+deb7u5) wheezy-security; urgency=high
* Fix CVE-2014-7824:
- Start 'dbus-daemon --system' as root under sysvinit (it already
starts as root under systemd), so it can increase its file
descriptor limit
- Add patch from upstream to increase dbus-daemon's file descriptor
limit to 65536, completing the incomplete fix for CVE-2014-3636
* Fix regression introduced in 1.6.8-1+deb7u4 (Closes: #769069):
- Add patch from upstream to restore auth_timeout to its previous value,
since the shorter value causes boot failures on some systems
- Add README.Debian to dbus package, documenting how sysadmins with
hostile local users, and systems where boot succeeds with the shorter
value, can get the shorter value back
2014-09-15 - Simon McVittie <smcv@debian.org>
dbus (1.6.8-1+deb7u4) wheezy-security; urgency=high
* Fix several security issues
- CVE-2014-3635: do not accept an extra fd in cmsg padding,
avoiding a buffer overrun in dbus-daemon or system services
- CVE-2014-3636: reduce maximum number of file descriptors
per message from 1024 to 16, to avoid two separate denial-of-service
attacks that could cause system services to be dropped from the bus
- CVE-2014-3637: time out connections that have a
partially-sent message containing a file descriptor, so that
malicious processes cannot use self-referential file descriptors
to make a connection that will never close
- CVE-2014-3638: reduce maximum number of pending replies
per connection to avoid algorithmic complexity DoS
- CVE-2014-3639: reduce timeout for authentication and
do not accept() new connections when all unauthenticated connection
slots are in use, so that malicious processes cannot prevent new
connections to the system bus
2014-06-30 - Simon McVittie <smcv@debian.org>
dbus (1.6.8-1+deb7u3) wheezy-security; urgency=high
* CVE-2014-3532, CVE-2014-3533: add patches to avoid two separate
local denial of service attacks involving sending file descriptors
to system services
2014-06-06 - Simon McVittie <smcv@debian.org>
dbus (1.6.8-1+deb7u2) wheezy; urgency=medium
* CVE-2014-3477: add patch to avoid a denial of service (failure to obtain
bus name) in newly-activated system services that not all users are
allowed to access
2013-06-12 - Simon McVittie <smcv@debian.org>
dbus (1.6.8-1+deb7u1) wheezy-security; urgency=high
* CVE-2013-2168: add patch to avoid a user-triggerable crash
(denial of services) in system services that use libdbus
2012-09-29 - Simon McVittie <smcv@debian.org>
dbus (1.6.8-1) unstable; urgency=low
* Merge from experimental
* New upstream stable release 1.6.6
- CVE-2012-3524: avoid arbitrary code execution in setuid or otherwise
privileged binaries that incorrectly use libdbus without first
sanitizing the environment variables inherited from their
less-privileged caller (Closes: #689070)
* New upstream stable release 1.6.8
- Revert part of 1.6.6 (do not check filesystem capabilities, only
setuid/setgid), fixing regressions in certain configurations of
gnome-keyring
2012-07-18 - Simon McVittie <smcv@debian.org>
dbus (1.6.4-1) experimental; urgency=low
* gbp.conf: switch to experimental branch
* New upstream stable release
- remove incorrect assertion and have correct default for developer mode
(Closes: #680027, differently)
2012-07-03 - Simon McVittie <smcv@debian.org>
dbus (1.6.2-2) unstable; urgency=low
* Disable "developer mode", which was intended to be off-by-default,
but was incorrectly on-by-default in 1.6.2, causing an incorrect
assertion to be hit when starting fcitx before dbus-launch.
(Closes: #680027)

See Also

Package Description
dcmtk-doc_3.6.0-12+deb7u1_all.deb OFFIS DICOM toolkit documentation
dcmtk-www_3.6.0-12+deb7u1_amd64.deb OFFIS DICOM toolkit worklist www server application
dcmtk_3.6.0-12+deb7u1_amd64.deb OFFIS DICOM toolkit command line utilities
debian-security-support_2018.01.29~deb7u1_all.deb Debian security support coverage checker
debsecan_0.4.16+nmu1+deb7u1_all.deb Debian Security Analyzer
default-jdk-doc_0.47+deb7u2_all.deb Standard Java or Java compatible Development Kit (documentation)
default-jdk_1.7-47+deb7u2_amd64.deb Standard Java or Java compatible Development Kit
default-jre-headless_1.7-47+deb7u2_amd64.deb Standard Java or Java compatible Runtime (headless)
default-jre_1.7-47+deb7u2_amd64.deb Standard Java or Java compatible Runtime
deluge-common_1.3.3-2+nmu1+deb7u2_all.deb bittorrent client written in Python/PyGTK (common files)
deluge-console_1.3.3-2+nmu1+deb7u2_all.deb bittorrent client written in Python/PyGTK (console ui)
deluge-gtk_1.3.3-2+nmu1+deb7u2_all.deb bittorrent client written in Python/PyGTK (GTK+ ui)
deluge-torrent_1.3.3-2+nmu1+deb7u2_all.deb bittorrent client (gtk ui transitional package)
deluge-web_1.3.3-2+nmu1+deb7u2_all.deb bittorrent client written in Python/PyGTK (web ui)
deluge-webui_1.3.3-2+nmu1+deb7u2_all.deb bittorrent client (web ui transitional package)
Advertisement
Advertisement