From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: From: Anton Farygin Organization: ALT Linux Ltd. Date: Tue, 30 Aug 2005 17:02:47 +0400 User-Agent: Pan/0.14.2 (This is not a psychotic episode. It's a cleansing moment of clarity.) Message-Id: To: sisyphus@altlinux.ru MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1251 Content-Transfer-Encoding: 8bit Subject: [sisyphus] [gmane.comp.freedesktop.dbus] SECURITY: CAN-2005-0201 - D-Bus 0.36.2 released X-BeenThere: sisyphus@altlinux.ru X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ALT Linux Sisyphus discussion list List-Id: ALT Linux Sisyphus discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Aug 2005 13:04:31 -0000 Archived-At: List-Archive: Соответственно сегодня dbus-0.36.2 отправляется в Sisyphus и в 3.0-branch, всем рекомендуется обновить. Rgds, Rider On Mon, 29 Aug 2005 16:32:59 -0400, John (J5) Palmieri wrote: > D-Bus 0.36.2 is released. This is a security release that fixes an > exploit allowing one user to attach to another user's session bus. > > It should be noted that in order to exploit this issue, another user must > be running dbus on the target machine, and the user has to guess the > correct session bus address, which is not trivial. > > Anyone using the 0.3x D-Bus series should upgrade. > > relevant bug: > https://bugs.freedesktop.org/show_bug.cgi?id=2436 > > This issue is already public as CAN-2005-0201 > > As usual: > http://dbus.freedesktop.org/releases/dbus-0.36.2.tar.gz