openSUSE-RU-2014:1548-1: moderate: dbus-1

3 Dec 2014

      openSUSE Recommended Update: dbus-1
______________________________________________________________________________

Announcement ID:    openSUSE-RU-2014:1548-1
Rating:             moderate
References:         
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This recommended update for dbus-1 fixes the following issues:
   - Update to 1.8.12:
     + Partially revert the CVE-2014-3639 patch by increasing the default
       authentication timeout on the system bus from 5 seconds back to 30
       seconds, since this has been reported to cause boot regressions for
       some users, mostly with parallel boot (systemd) on slower hardware. On
       fast systems where local users are considered particularly hostile,
       administrators can return to the 5 second timeout (or any other value
       in milliseconds) by saving this as /etc/dbus-1/system-local.conf:
       <busconfig> <limit name="auth_timeout">5000</limit> </busconfig>
       (fdo#86431)
     + Add a message in syslog/the Journal when the auth_timeout is exceeded
       (fdo#86431)
     + Send back an AccessDenied error if the addressed recipient is not
       allowed to receive a message (and in builds with assertions enabled,
       don't assert under the same conditions). (fdo#86194)

Patch Instructions:

   To install this openSUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch 3240

   - openSUSE 13.1:

      zypper in -t patch 3240

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 13.2 (i586 x86_64):

      dbus-1-1.8.12-8.1
      dbus-1-debuginfo-1.8.12-8.1
      dbus-1-debugsource-1.8.12-8.1
      dbus-1-devel-1.8.12-8.1
      dbus-1-x11-1.8.12-8.1
      dbus-1-x11-debuginfo-1.8.12-8.1
      dbus-1-x11-debugsource-1.8.12-8.1
      libdbus-1-3-1.8.12-8.1
      libdbus-1-3-debuginfo-1.8.12-8.1

   - openSUSE 13.2 (x86_64):

      dbus-1-debuginfo-32bit-1.8.12-8.1
      dbus-1-devel-32bit-1.8.12-8.1
      libdbus-1-3-32bit-1.8.12-8.1
      libdbus-1-3-debuginfo-32bit-1.8.12-8.1

   - openSUSE 13.2 (noarch):

      dbus-1-devel-doc-1.8.12-8.1

   - openSUSE 13.1 (i586 x86_64):

      dbus-1-1.8.12-4.28.2
      dbus-1-debuginfo-1.8.12-4.28.2
      dbus-1-debugsource-1.8.12-4.28.1
      dbus-1-devel-1.8.12-4.28.1
      dbus-1-x11-1.8.12-4.28.2
      dbus-1-x11-debuginfo-1.8.12-4.28.2
      dbus-1-x11-debugsource-1.8.12-4.28.2
      libdbus-1-3-1.8.12-4.28.1
      libdbus-1-3-debuginfo-1.8.12-4.28.1

   - openSUSE 13.1 (x86_64):

      dbus-1-debuginfo-32bit-1.8.12-4.28.2
      dbus-1-devel-32bit-1.8.12-4.28.1
      libdbus-1-3-32bit-1.8.12-4.28.1
      libdbus-1-3-debuginfo-32bit-1.8.12-4.28.1

   - openSUSE 13.1 (noarch):

      dbus-1-devel-doc-1.8.12-4.28.2

References:

   http://support.novell.com/security/cve/CVE-2014-3639.html

openSUSE-RU-2014:1548-1: moderate: dbus-1

maintenance＠opensuse.org