openSUSE Security Update : dbus-1 (openSUSE-SU-2015:0111-1)
High Nessus Plugin ID 80985
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update fixes the following security issues :
- CVE-2014-8148 :
- Do not allow calls to UpdateActivationEnvironment from uids other than the uid of the dbus-daemon. If a system service installs unsafe security policy rules that allow arbitrary method calls (such as CVE-2014-8148) then this prevents memory consumption and possible privilege escalation via UpdateActivationEnvironment.
- CVE-2012-3524: Don't access environment variables (bnc#912016)
SolutionUpdate the affected dbus-1 packages.