Security update for dbus-1

Announcement ID: SUSE-SU-2016:2565-1
Rating: moderate
References:
Affected Products:
  • SUSE Linux Enterprise Desktop 12 SP1
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • SUSE Linux Enterprise Software Development Kit 12 SP1

An update that has one security fix can now be installed.

Description:

This update for dbus-1 to version 1.8.22 fixes one security issue and bugs.

The following security issue was fixed:

  • bsc#1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string.

The following upstream changes are included:

  • Change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus.
  • Fix a memory leak when GetConnectionCredentials() succeeds (fdo#91008)
  • Ensure that dbus-monitor does not reply to messages intended for others (fdo#90952)
  • Add locking to DBusCounter's reference count and notify function (fdo#89297)
  • Ensure that DBusTransport's reference count is protected by the corresponding DBusConnection's lock (fdo#90312)
  • Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms (fdo#90021)
  • Correctly initialize all fields of DBusTypeReader (fdo#90021)
  • Fix some missing \n in verbose (debug log) messages (fdo#90004)
  • Clean up some memory leaks in test code (fdo#90021)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 12 SP1
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1502=1
  • SUSE Linux Enterprise Software Development Kit 12 SP1
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1502=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1502=1
  • SUSE Linux Enterprise Server 12 SP1
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1502=1

Package List:

  • SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
    • dbus-1-debuginfo-32bit-1.8.22-22.2
    • dbus-1-debugsource-1.8.22-22.2
    • libdbus-1-3-1.8.22-22.2
    • dbus-1-1.8.22-22.2
    • dbus-1-debuginfo-1.8.22-22.2
    • dbus-1-x11-1.8.22-22.2
    • dbus-1-x11-debuginfo-1.8.22-22.2
    • libdbus-1-3-debuginfo-32bit-1.8.22-22.2
    • libdbus-1-3-32bit-1.8.22-22.2
    • libdbus-1-3-debuginfo-1.8.22-22.2
    • dbus-1-x11-debugsource-1.8.22-22.2
  • SUSE Linux Enterprise Software Development Kit 12 SP1 (ppc64le s390x x86_64)
    • dbus-1-debugsource-1.8.22-22.2
    • dbus-1-devel-1.8.22-22.2
    • dbus-1-debuginfo-1.8.22-22.2
  • SUSE Linux Enterprise Software Development Kit 12 SP1 (noarch)
    • dbus-1-devel-doc-1.8.22-22.2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
    • dbus-1-debugsource-1.8.22-22.2
    • libdbus-1-3-1.8.22-22.2
    • dbus-1-1.8.22-22.2
    • dbus-1-debuginfo-1.8.22-22.2
    • dbus-1-x11-1.8.22-22.2
    • dbus-1-x11-debuginfo-1.8.22-22.2
    • libdbus-1-3-debuginfo-1.8.22-22.2
    • dbus-1-x11-debugsource-1.8.22-22.2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
    • libdbus-1-3-debuginfo-32bit-1.8.22-22.2
    • dbus-1-debuginfo-32bit-1.8.22-22.2
    • libdbus-1-3-32bit-1.8.22-22.2
  • SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
    • dbus-1-debugsource-1.8.22-22.2
    • libdbus-1-3-1.8.22-22.2
    • dbus-1-1.8.22-22.2
    • dbus-1-debuginfo-1.8.22-22.2
    • dbus-1-x11-1.8.22-22.2
    • dbus-1-x11-debuginfo-1.8.22-22.2
    • libdbus-1-3-debuginfo-1.8.22-22.2
    • dbus-1-x11-debugsource-1.8.22-22.2
  • SUSE Linux Enterprise Server 12 SP1 (s390x x86_64)
    • libdbus-1-3-debuginfo-32bit-1.8.22-22.2
    • dbus-1-debuginfo-32bit-1.8.22-22.2
    • libdbus-1-3-32bit-1.8.22-22.2

References: