| Revision Date: | 2017-01-26 | Version: | 1 |
| Title: | Security update for dbus-1 (Moderate) |
| Description: |
This update for dbus-1 to version 1.8.22 fixes one security issue and bugs.
The following security issue was fixed:
- bsc#1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string.
The following upstream changes are included:
- Change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus. - Fix a memory leak when GetConnectionCredentials() succeeds (fdo#91008) - Ensure that dbus-monitor does not reply to messages intended for others (fdo#90952) - Add locking to DBusCounter's reference count and notify function (fdo#89297) - Ensure that DBusTransport's reference count is protected by the corresponding DBusConnection's lock (fdo#90312) - Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms (fdo#90021) - Correctly initialize all fields of DBusTypeReader (fdo#90021) - Fix some missing \n in verbose (debug log) messages (fdo#90004) - Clean up some memory leaks in test code (fdo#90021)
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1003898
1018556
SUSE-SU-2017:0292-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 12 SP2
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information
dbus-1-1.8.22-24.2.1 is installed
OR dbus-1-x11-1.8.22-24.2.1 is installed
OR libdbus-1-3-1.8.22-24.2.1 is installed
OR libdbus-1-3-32bit-1.8.22-24.2.1 is installed
|