Mailinglist Archive: opensuse-security (21 mails)

< Previous Next >
[opensuse-security] dbus security update in the update test repo
  • From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
  • Date: Fri, 6 Feb 2009 14:10:58 +0100
  • Message-id: <200902061411.00131.ludwig.nussel@xxxxxxx>
Hi,

The update test repo contains among other upcoming updates a dbus
security update (CVE-2008-4311). Unfortunately the access policy
change required to fix the problem turns up problems in the policy
files of several other applications. I.e. the fix breaks other
applications. We've already added fixes for bluez, hal, PackageKit
and pommed. knetworkmanager will follow soon. Due to the large
impact of the update and since we can't test all uses cases
ourselves though. So I'd like to ask for help here. So if you are
interested in helping to ensure that this update cause as little
trouble as possible after it's official release please add our
update test repository and install the dbus related updates. You
should be experienced enough to be able to reinstall working
packages in case of trouble though.

You can add the repo and install updates e.g. via zypper

11.1:
# zypper ar http://download.opensuse.org/update/11.1-test update-test
# zypper patch

11.0:
# zypper ar http://download.opensuse.org/update/11.0-test update-test
# zypper up

10.3:
# zypper ar http://download.opensuse.org/update/10.3-test update-test
# zypper up

While the new policy is applied immediately after the update dbus
needs to be restarted to have it log to /var/log/messages. Rebooting
the system is the least painful way to do that.

If you see messages like the following after the update in
/var/log/messages you've probably discovered a bug in a package that
needs additional fixes and we like to know about it:

... dbus-daemon: Rejected send message, 1 matched rules; type="method_call", ...

Log entries about messages of type "method_return" are usually false
positives caused by bugs in glib bindings.

Thanks in advance everyone using the update-test repo! :-)

cu
Ludwig

--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups