openSUSE Security Update : dbus-1 (openSUSE-2016-1269)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for dbus-1 to version 1.8.22 fixes several issues.

This security issue was fixed :

- boo#1003898: Do not treat ActivationFailure message
received from root-owned systemd name as a format

These non-security issues were fixed :

- boo#978477: Correctly reset timeouts for pending file

- boo#980928: increase listen() backlog of AF_UNIX sockets

- Change the default configuration for the session bus to
only allow EXTERNAL authentication (secure
kernel-mediated credentials-passing), as was already
done for the system bus.

- Fix a memory leak when GetConnectionCredentials()
succeeds (fdo#91008)

- Ensure that dbus-monitor does not reply to messages
intended for others (fdo#90952)

- Add locking to DBusCounter's reference count and notify
function (fdo#89297)

- Ensure that DBusTransport's reference count is protected
by the corresponding DBusConnection's lock (fdo#90312)

- Correctly release DBusServer mutex before early-return
if we run out of memory while copying authentication
mechanisms (fdo#90021)

- Correctly initialize all fields of DBusTypeReader

- Fix some missing \n in verbose (debug log) messages

- Clean up some memory leaks in test code (fdo#90021)

See also :

Solution :

Update the affected dbus-1 packages.

Risk factor :

Low / CVSS Base Score : 1.9

Family: SuSE Local Security Checks

Nessus Plugin ID: 94600 ()

Bugtraq ID:

CVE ID: CVE-2015-0245

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now