SUSE-SU-2017:0292-1 -- SLES dbus-1, libdbus-1-3ID: oval:org.secpod.oval:def:89044575 | Date: (C)2021-07-07 (M)2023-02-13 |
Class: PATCH | Family: unix |
This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed: - bsc#1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included: - Change the default configuration for the session bus to only allow EXTERNAL authentication , as was already done for the system bus. - Fix a memory leak when GetConnectionCredentials succeeds - Ensure that dbus-monitor does not reply to messages intended for others - Add locking to DBusCounter"s reference count and notify function - Ensure that DBusTransport"s reference count is protected by the corresponding DBusConnection"s lock - Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms - Correctly initialize all fields of DBusTypeReader - Fix some missing \n in verbose messages - Clean up some memory leaks in test code
Platform: |
SUSE Linux Enterprise Server 12 SP2 |
Product: |
dbus-1 |
libdbus-1-3 |