openSUSE Security Update : dbus-1 (openSUSE-2016-1222)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for dbus-1 to version 1.8.22 fixes one security issue and
bugs.

The following security issue was fixed :

- bsc#1003898: Do not treat ActivationFailure message
received from root-owned systemd name as a format
string.

The following upstream changes are included :

- Change the default configuration for the session bus to
only allow EXTERNAL authentication (secure
kernel-mediated credentials-passing), as was already
done for the system bus.

- Fix a memory leak when GetConnectionCredentials()
succeeds (fdo#91008)

- Ensure that dbus-monitor does not reply to messages
intended for others (fdo#90952)

- Add locking to DBusCounter's reference count and notify
function (fdo#89297)

- Ensure that DBusTransport's reference count is protected
by the corresponding DBusConnection's lock (fdo#90312)

- Correctly release DBusServer mutex before early-return
if we run out of memory while copying authentication
mechanisms (fdo#90021)

- Correctly initialize all fields of DBusTypeReader
(fdo#90021)

- Fix some missing \n in verbose (debug log) messages
(fdo#90004)

- Clean up some memory leaks in test code (fdo#90021)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1003898

Solution :

Update the affected dbus-1 packages.

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 94244 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now