This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update fixes the following security issues :
- CVE-2014-8148 :
- Do not allow calls to UpdateActivationEnvironment from
uids other than the uid of the dbus-daemon. If a system
service installs unsafe security policy rules that allow
arbitrary method calls (such as CVE-2014-8148) then this
prevents memory consumption and possible privilege
escalation via UpdateActivationEnvironment.
- CVE-2012-3524: Don't access environment variables
See also :
Update the affected dbus-1 packages.
Risk factor :
High / CVSS Base Score : 7.2
Public Exploit Available : true