This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update for dbus-1 to version 1.8.22 fixes several issues.
This security issue was fixed :
- boo#1003898: Do not treat ActivationFailure message
received from root-owned systemd name as a format
These non-security issues were fixed :
- boo#978477: Correctly reset timeouts for pending file
- boo#980928: increase listen() backlog of AF_UNIX sockets
- Change the default configuration for the session bus to
only allow EXTERNAL authentication (secure
kernel-mediated credentials-passing), as was already
done for the system bus.
- Fix a memory leak when GetConnectionCredentials()
- Ensure that dbus-monitor does not reply to messages
intended for others (fdo#90952)
- Add locking to DBusCounter's reference count and notify
- Ensure that DBusTransport's reference count is protected
by the corresponding DBusConnection's lock (fdo#90312)
- Correctly release DBusServer mutex before early-return
if we run out of memory while copying authentication
- Correctly initialize all fields of DBusTypeReader
- Fix some missing \n in verbose (debug log) messages
- Clean up some memory leaks in test code (fdo#90021)
See also :
Update the affected dbus-1 packages.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now