openSUSE Security Update : dbus-1 (openSUSE-2016-1269)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for dbus-1 to version 1.8.22 fixes several issues.

This security issue was fixed :

- boo#1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string.

These non-security issues were fixed :

- boo#978477: Correctly reset timeouts for pending file descriptors

- boo#980928: increase listen() backlog of AF_UNIX sockets to SOMAXCONN

- Change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus.

- Fix a memory leak when GetConnectionCredentials() succeeds (fdo#91008)

- Ensure that dbus-monitor does not reply to messages intended for others (fdo#90952)

- Add locking to DBusCounter's reference count and notify function (fdo#89297)

- Ensure that DBusTransport's reference count is protected by the corresponding DBusConnection's lock (fdo#90312)

- Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms (fdo#90021)

- Correctly initialize all fields of DBusTypeReader (fdo#90021)

- Fix some missing \n in verbose (debug log) messages (fdo#90004)

- Clean up some memory leaks in test code (fdo#90021)

See also :

https://bugs.freedesktop.org/show_bug.cgi?id=87999
https://bugs.freedesktop.org/show_bug.cgi?id=89297
https://bugs.freedesktop.org/show_bug.cgi?id=90004
https://bugs.freedesktop.org/show_bug.cgi?id=90021
https://bugs.freedesktop.org/show_bug.cgi?id=90312
https://bugs.freedesktop.org/show_bug.cgi?id=90952
https://bugs.freedesktop.org/show_bug.cgi?id=91008
https://bugs.freedesktop.org/show_bug.cgi?id=98157
https://bugzilla.opensuse.org/show_bug.cgi?id=1003898
https://bugzilla.opensuse.org/show_bug.cgi?id=978477
https://bugzilla.opensuse.org/show_bug.cgi?id=980928

Solution :

Update the affected dbus-1 packages.

Risk factor :

Low / CVSS Base Score : 1.9 (CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 94600

Bugtraq ID:

CVE ID: CVE-2015-0245
