openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1228-1)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

DBUS-1 was upgraded to upstream release 1.8.

This brings the version of dbus to the latest stable release from an
unstable snapshot 1.7.4 that is know to have several regressions

- Upstream changes since 1.7.4 :

+ Security fixes :

- Do not accept an extra fd in the padding of a cmsg
message, which could lead to a 4-byte heap buffer
overrun. (CVE-2014-3635, fdo#83622; Simon McVittie)

- Reduce default for maximum Unix file descriptors passed
per message from 1024 to 16, preventing a uid with the
default maximum number of connections from exhausting
the system bus' file descriptors under Linux's default
rlimit. Distributors or system administrators with a
restrictive fd limit may wish to reduce these limits
further. Additionally, on Linux this prevents a second
denial of service in which the dbus-daemon can be made
to exceed the maximum number of fds per sendmsg() and
disconnect the process that would have received them.
(CVE-2014-3636, fdo#82820; Alban Crequy)

- Disconnect connections that still have a fd pending
unmarshalling after a new configurable limit,
pending_fd_timeout (defaulting to 150 seconds), removing
the possibility of creating an abusive connection that
cannot be disconnected by setting up a circular
reference to a connection's file descriptor.
(CVE-2014-3637, fdo#80559; Alban Crequy)

- Reduce default for maximum pending replies per
connection from 8192 to 128, mitigating an algorithmic
complexity denial-of-service attack (CVE-2014-3638,
fdo#81053; Alban Crequy)

- Reduce default for authentication timeout on the system
bus from 30 seconds to 5 seconds, avoiding denial of
service by using up all unauthenticated connection
slots; and when all unauthenticated connection slots are
used up, make new connection attempts block instead of
disconnecting them. (CVE-2014-3639, fdo#80919; Alban
Crequy)

- On Linux >0 2.6.37-rc4, if sendmsg() fails with
ETOOMANYREFS, silently drop the message. This prevents
an attack in which a malicious client can make
dbus-daemon disconnect a system service, which is a
local denial of service. (fdo#80163, CVE-2014-3532;
Alban Crequy)

- Track remaining Unix file descriptors correctly when
more than one message in quick succession contains fds.
This prevents another attack in which a malicious client
can make dbus-daemon disconnect a system service.
(fdo#79694, fdo#80469, CVE-2014-3533; Alejandro
Martínez Suárez, Simon McVittie, Alban
Crequy)

- Alban Crequy at Collabora Ltd. discovered and fixed a
denial-of-service flaw in dbus-daemon, part of the
reference implementation of D-Bus. Additionally, in
highly unusual environments the same flaw could lead to
a side channel between processes that should not be able
to communicate. (CVE-2014-3477, fdo#78979)

+ Other fixes and enhancements :

- Check for libsystemd from systemd >= 209, falling back
to the older separate libraries if not found (Umut
Tezduyar Lindskog, Simon McVittie)

- On Linux, use prctl() to disable core dumps from a test
executable that deliberately raises SIGSEGV to test
dbus-daemon's handling of that condition (fdo#83772,
Simon McVittie)

- Fix compilation with --enable-stats (fdo#81043, Gentoo
#507232; Alban Crequy)

- Improve documentation for running tests on Windows
(fdo#41252, Ralf Habacker)

- When dbus-launch --exit-with-session starts a
dbus-daemon but then cannot attach to a session, kill
the dbus-daemon as intended (fdo#74698,
Роман
Донченко
)

- in the CMake build system, add some hints for Linux
users cross-compiling Windows D-Bus binaries to be able
to run tests under Wine (fdo#41252, Ralf Habacker)

- add Documentation key to dbus.service (fdo#77447,
Cameron Norman)

- in 'dbus-uuidgen --ensure', try to copy systemd's
/etc/machine-id to /var/lib/dbus/machine-id instead of
generating an entirely new ID (fdo#77941, Simon
McVittie)

- if dbus-launch receives an X error very quickly, do not
kill unrelated processes (fdo#74698,
Роман
Донченко
)

- on Windows, allow up to 8K connections to the
dbus-daemon, instead of the previous 64 (fdo#71297;
Cristian Onet, Ralf Habacker)

- cope with \r\n newlines in regression tests, since on
Windows, dbus-daemon.exe uses text mode (fdo#75863,
Руслан
Ижбулато
в)

- Enhance the CMake build system to check for GLib and
compile/run a subset of the regression tests (fdo#41252,
fdo#73495; Ralf Habacker)

- don't rely on va_copy(), use DBUS_VA_COPY() wrapper
(fdo#72840, Ralf Habacker)

- fix compilation of systemd journal support on older
systemd versions where sd-journal.h doesn't include
syslog.h (fdo#73455, Ralf Habacker)

- fix compilation on older MSVC versions by including
stdlib.h (fdo#73455, Ralf Habacker)

- Allow <allow_anonymous/> to appear in an included
configuration file (fdo#73475, Matt Hoosier)

- If the tests crash with an assertion failure, they no
longer default to blocking for a debugger to be
attached. Set DBUS_BLOCK_ON_ABORT in the environment if
you want the old behaviour.

- To improve debuggability, the dbus-daemon and
dbus-daemon-eavesdrop tests can be run with an external
dbus-daemon by setting DBUS_TEST_DAEMON_ADDRESS in the
environment. Test-cases that require an
unusually-configured dbus-daemon are skipped.

- don't require messages with no INTERFACE to be
dispatched (fdo#68597, Simon McVittie)

- document 'tcp:bind=...' and 'nonce-tcp:bind=...'
(fdo#72301, Chengwei Yang)

- define 'listenable' and 'connectable' addresses, and
discuss the difference (fdo#61303, Simon McVittie)

- support printing Unix file descriptors in dbus-send,
dbus-monitor (fdo#70592, Robert Ancell)

- don't install systemd units if --disable-systemd is
given (fdo#71818, Chengwei Yang)

- don't leak memory on out-of-memory while listing
activatable or active services (fdo#71526, Radoslaw
Pajak)

- fix undefined behaviour in a regression test (fdo#69924,
DreamNik)

- escape Unix socket addresses correctly (fdo#46013,
Chengwei Yang)

- on SELinux systems, don't assume that SECCLASS_DBUS,
DBUS__ACQUIRE_SVC and DBUS__SEND_MSG are numerically
equal to their values in the reference policy
(fdo#88719, osmond sun)

- define PROCESS_QUERY_LIMITED_INFORMATION if missing from
MinGW < 4 headers (fdo#71366, Matt Fischer)

- define WIN32_LEAN_AND_MEAN to avoid conflicts between
winsock.h and winsock2.h (fdo#71405, Matt Fischer)

- do not return failure from _dbus_read_nonce() with no
error set, preventing a potential crash (fdo#72298,
Chengwei Yang)

- on BSD systems, avoid some O(1)-per-process memory and
fd leaks in kqueue, preventing test failures (fdo#69332,
fdo#72213; Chengwei Yang)

- fix warning spam on Hurd by not trying to set
SO_REUSEADDR on Unix sockets, which doesn't do anything
anyway on at least Linux and FreeBSD (fdo#69492, Simon
McVittie)

- fix use of TCP sockets on FreeBSD and Hurd by tolerating
EINVAL from sendmsg() with SCM_CREDS (retrying with
plain send()), and looking for credentials more
correctly (fdo#69492, Simon McVittie)

- ensure that tests run with a temporary XDG_RUNTIME_DIR
to avoid getting mixed up in XDG/systemd 'user sessions'
(fdo#61301, Simon McVittie)

- refresh cached policy rules for existing connections
when bus configuration changes (fdo#39463, Chengwei
Yang)

- If systemd support is enabled, libsystemd-journal is now
required.

- When activating a non-systemd service under systemd,
annotate its stdout/stderr with its bus name in the
Journal. Known limitation: because the socket is opened
before forking, the process will still be logged as if
it had dbus-daemon's process ID and user ID. (fdo#68559,
Chengwei Yang)

- Document more configuration elements in dbus-daemon(1)
(fdo#69125, Chengwei Yang)

- Don't leak string arrays or fds if
dbus_message_iter_get_args_valist() unpacks them and
then encounters an error (fdo#21259, Chengwei Yang)

- If compiled with libaudit, retain CAP_AUDIT_WRITE so we
can write disallowed method calls to the audit log,
fixing a regression in 1.7.6 (fdo#49062, Colin Walters)

- path_namespace='/' in match rules incorrectly matched
nothing; it now matches everything. (fdo#70799, Simon
McVittie)

- Directory change notification via dnotify on Linux is no
longer supported; it hadn't compiled successfully since
2010 in any case. If you don't have inotify (Linux) or
kqueue (*BSD), you will need to send SIGHUP to the
dbus-daemon when its configuration changes. (fdo#33001,
Chengwei Yang)

- Compiling with --disable-userdb-cache is no longer
supported; it didn't work since at least 2008, and would
lead to an extremely slow dbus-daemon even it worked.
(fdo#15589, fdo#17133, fdo#66947; Chengwei Yang)

- The DBUS_DISABLE_ASSERTS CMake option didn't actually
disable most assertions. It has been renamed to
DBUS_DISABLE_ASSERT to be consistent with the Autotools
build system. (fdo#66142, Chengwei Yang)

- --with-valgrind=auto enables Valgrind instrumentation if
and only if valgrind headers are available. The default
is still

--with-valgrind=no. (fdo#56925, Simon McVittie)

- Platforms with no 64-bit integer type are no longer
supported. (fdo#65429, Simon McVittie)

- GNU make is now (documented to be) required. (fdo#48277,
Simon McVittie)

- Full test coverage no longer requires dbus-glib,
although the tests do not exercise the shared library
(only a static copy) if dbus-glib is missing.
(fdo#68852, Simon McVittie)

- D-Bus Specification 0.22

- Document GetAdtAuditSessionData() and
GetConnectionSELinuxSecurityContext() (fdo#54445, Simon)

- Fix example .service file (fdo#66481, Chengwei Yang)

- Don't claim D-Bus is 'low-latency' (lower than what?),
just give factual statements about it supporting async
use (fdo#65141, Justin Lee)

- Document the contents of .service files, and the fact
that system services' filenames are constrained
(fdo#66608; Simon McVittie, Chengwei Yang)

- Be thread-safe by default on all platforms, even if
dbus_threads_init_default() has not been called. For
compatibility with older libdbus, library users should
continue to call dbus_threads_init_default(): it is
harmless to do so. (fdo#54972, Simon McVittie)

- Add GetConnectionCredentials() method (fdo#54445, Simon)

- New API: dbus_setenv(), a simple wrapper around
setenv(). Note that this is not thread-safe. (fdo#39196,
Simon)

- Add dbus-send --peer=ADDRESS (connect to a given
peer-to-peer connection, like --address=ADDRESS in
previous versions) and dbus-send --bus=ADDRESS (connect
to a given bus, like dbus-monitor

--address=ADDRESS). dbus-send --address still exists for
backwards compatibility, but is no longer documented.
(fdo#48816, Andrey Mazo)

- 'dbus-daemon --nofork' is allowed on Windows again.
(fdo#68852, Simon McVittie)

- Avoid an infinite busy-loop if a signal interrupts
waitpid() (fdo#68945, Simon McVittie)

- Clean up memory for parent nodes when objects are
unexported (fdo#60176, Thomas Fitzsimmons)

- Make dbus_connection_set_route_peer_messages(x, FALSE)
behave as documented. Previously, it assumed its second
parameter was TRUE. (fdo#69165, Chengwei Yang)

- Escape addresses containing non-ASCII characters
correctly (fdo#53499, Chengwei Yang)

- Document <servicedir> search order correctly (fdo#66994,
Chengwei Yang)

- Don't crash on 'dbus-send --session / x.y.z' which
regressed in 1.7.4. (fdo#65923, Chengwei Yang)

- If malloc() returns NULL in _dbus_string_init() or
similar, don't free an invalid pointer if the string is
later freed (fdo#65959, Chengwei Yang)

- If malloc() returns NULL in dbus_set_error(), don't
va_end() a va_list that was never va_start()ed
(fdo#66300, Chengwei Yang)

- fix build failure with --enable-stats (fdo#66004,
Chengwei Yang)

- fix a regression test on platforms with strict alignment
(fdo#67279, Colin Walters)

- Avoid calling function parameters 'interface' since
certain Windows headers have a namespace-polluting macro
of that name (fdo#66493, Ivan Romanov)

- Assorted Doxygen fixes (fdo#65755, Chengwei Yang)

- Various thread-safety improvements to static variables
(fdo#68610, Simon McVittie)

- Make 'make -j check' work (fdo#68852, Simon McVittie)

- Fix a NULL pointer dereference on an unlikely error path
(fdo#69327, Sviatoslav Chagaev)

- Improve valgrind memory pool tracking (fdo#69326,
Sviatoslav Chagaev)

- Don't over-allocate memory in dbus-monitor (fdo#69329,
Sviatoslav Chagaev)

- dbus-monitor can monitor dbus-daemon < 1.5.6 again
(fdo#66107, Chengwei Yang)

- If accept4() fails with EINVAL, as it can on older Linux
kernels with newer glibc, try accept() instead of going
into a busy-loop. (fdo#69026, Chengwei Yang)

- If socket() or socketpair() fails with EINVAL or
EPROTOTYPE, for instance on Hurd or older Linux with a
new glibc, try without SOCK_CLOEXEC. (fdo#69073; Pino
Toscano, Chengwei Yang)

- Fix a file descriptor leak on an error code path.
(fdo#69182, Sviatoslav Chagaev)

- dbus-run-session: clear some unwanted environment
variables (fdo#39196, Simon)

- dbus-run-session: compile on FreeBSD (fdo#66197,
Chengwei Yang)

- Don't fail the autolaunch test if there is no DISPLAY
(fdo#40352, Simon)

- Use dbus-launch from the builddir for testing, not the
installed copy (fdo#37849, Chengwei Yang)

- Fix compilation if writev() is unavailable (fdo#69409,
Vasiliy Balyasnyy)

- Remove broken support for LOCAL_CREDS credentials
passing, and document where each credential-passing
scheme is used (fdo#60340, Simon McVittie)

- Make autogen.sh work on *BSD by not assuming GNU
coreutils functionality fdo#35881, fdo#69787; Chengwei
Yang)

- dbus-monitor: be portable to NetBSD (fdo#69842, Chengwei
Yang)

- dbus-launch: stop using non-portable asprintf
(fdo#37849, Simon)

- Improve error reporting from the setuid activation
helper (fdo#66728, Chengwei Yang)

- Remove unavailable command-line options from
'dbus-daemon --help' (fdo#42441, Ralf Habacker)

- Add support for looking up local TCPv4 clients'
credentials on Windows XP via the undocumented
AllocateAndGetTcpExTableFromStack function (fdo#66060,
Ralf Habacker)

- Fix insufficient dependency-tracking (fdo#68505, Simon
McVittie)

- Don't include wspiapi.h, fixing a compiler warning
(fdo#68852, Simon McVittie)

- add DBUS_ENABLE_ASSERT, DBUS_ENABLE_CHECKS for less
confusing conditionals (fdo#66142, Chengwei Yang)

- improve verbose-mode output (fdo#63047, Colin Walters)

- consolidate Autotools and CMake build (fdo#64875, Ralf
Habacker)

- fix various unused variables, unusual build
configurations etc. (fdo#65712, fdo#65990, fdo#66005,
fdo#66257, fdo#69165, fdo#69410, fdo#70218; Chengwei
Yang, Vasiliy Balyasnyy)

- dbus-cve-2014-3533.patch: Add patch for CVE-2014-3533 to
fix (fdo#63127) &bull; CVE-2012-3524: Don't access
environment variables (fdo#52202) (fdo#51521, Dave
Reisner) &bull; Remove an incorrect assertion from
DBusTransport (fdo#51657, (fdo#51406, Simon McVittie)
(fdo#51032, Simon McVittie) (fdo#34671, Simon McVittie)
&middot; Check for libpthread under CMake on Unix
(fdo#47237, Simon McVittie) spec-compliance (fdo#48580,
David Zeuthen) non-root when using OpenBSD install(1)
(fdo#48217, Antoine Jacoutot) (fdo#45896, Simon
McVittie) (fdo#39549, Simon McVittie) invent their own
'union of everything' type (fdo#11191, Simon find(1)
(fdo#33840, Simon McVittie) (fdo#46273, Alban Crequy)
again on Win32, but not on WinCE (fdo#46049, Simon
(fdo#47321, Andoni Morales Alastruey) (fdo#39231,
fdo#41012; Simon McVittie)

- Add a regression test for fdo#38005 (fdo#39836, Simon
McVittie) a service file entry for activation
(fdo#39230, Simon McVittie) (fdo#24317, #34870; Will
Thompson, David Zeuthen, Simon McVittie) and document it
better (fdo#31818, Will Thompson) &bull; Let the bus
daemon implement more than one interface (fdo#33757,
&bull; Optimize _dbus_string_replace_len to reduce waste
(fdo#21261, (fdo#35114, Simon McVittie) &bull; Add
dbus_type_is_valid as public API (fdo#20496, Simon
McVittie) to unknown interfaces in the bus daemon
(fdo#34527, Lennart Poettering) (fdo#32245; Javier
Jard&oacute;n, Simon McVittie) &bull; Correctly give
XDG_DATA_HOME priority over XDG_DATA_DIRS (fdo#34496, in
embedded environments (fdo#19997, NB#219964; Simon
McVittie) &bull; Install the documentation, and an index
for Devhelp (fdo#13495, booleans when sending them
(fdo#16338, NB#223152; Simon McVittie) errors to
dbus-shared.h (fdo#34527, Lennart Poettering) data
(fdo#10887, Simon McVittie) .service files (fdo#19159,
Sven Herzberg) (fdo#35750, Colin Walters) (fdo#32805,
Mark Brand) which could result in a busy-loop
(fdo#32992, NB#200248; possibly &bull; Fix failure to
detect abstract socket support (fdo#29895) (fdo#32262,
NB#180486) &bull; Improve some error code paths
(fdo#29981, fdo#32264, fdo#32262, fdo#33128, fdo#33277,
fdo#33126, NB#180486) &bull; Avoid possible symlink
attacks in /tmp during compilation (fdo#32854) &bull;
Tidy up dead code (fdo#25306, fdo#33128, fdo#34292,
NB#180486) &bull; Improve gcc malloc annotations
(fdo#32710) &bull; Documentation improvements
(fdo#11190) &bull; Avoid readdir_r, which is difficult
to use correctly (fdo#8284, fdo#15922, LP#241619) &bull;
Cope with invalid files in session.d, system.d
(fdo#19186, &bull; Don't distribute generated files that
embed our builddir (fdo#30285, fdo#34292) (fdo#33474,
LP#381063) with lcov HTML reports and
--enable-compiler-coverage (fdo#10887) &middot; support
credentials-passing (fdo#32542) &middot; opt-in to
thread safety (fdo#33464)

See also :

http://lists.opensuse.org/opensuse-updates/2014-09/msg00038.html
https://bugzilla.novell.com/show_bug.cgi?id=896453

Solution :

Update the affected dbus-1 packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 77845 ()

Bugtraq ID:

CVE ID: CVE-2012-3524
CVE-2014-3477
CVE-2014-3532
CVE-2014-3533
CVE-2014-3635
CVE-2014-3636
CVE-2014-3637
CVE-2014-3638
CVE-2014-3639

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now