openSUSE Security Update : dbus-1 (openSUSE-2016-1222)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for dbus-1 to version 1.8.22 fixes one security issue and

The following security issue was fixed :

- bsc#1003898: Do not treat ActivationFailure message
received from root-owned systemd name as a format

The following upstream changes are included :

- Change the default configuration for the session bus to
only allow EXTERNAL authentication (secure
kernel-mediated credentials-passing), as was already
done for the system bus.

- Fix a memory leak when GetConnectionCredentials()
succeeds (fdo#91008)

- Ensure that dbus-monitor does not reply to messages
intended for others (fdo#90952)

- Add locking to DBusCounter's reference count and notify
function (fdo#89297)

- Ensure that DBusTransport's reference count is protected
by the corresponding DBusConnection's lock (fdo#90312)

- Correctly release DBusServer mutex before early-return
if we run out of memory while copying authentication
mechanisms (fdo#90021)

- Correctly initialize all fields of DBusTypeReader

- Fix some missing \n in verbose (debug log) messages

- Clean up some memory leaks in test code (fdo#90021)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

Solution :

Update the affected dbus-1 packages.

Risk factor :


Family: SuSE Local Security Checks

Nessus Plugin ID: 94244 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now