openSUSE-SU-2014:1228-1: moderate: dbus-1: security and bugfix update to 1.8
openSUSE Security Update: dbus-1: security and bugfix update to 1.8

Announcement ID: openSUSE-SU-2014:1228-1
Rating: moderate
References: #896453
Cross-References: CVE-2012-3524 CVE-2014-3635 CVE-2014-3636
CVE-2014-3637 CVE-2014-3638 CVE-2014-3639

Affected Products:
openSUSE 13.1

An update that fixes 6 vulnerabilities is now available.


DBUS-1 was upgraded to upstream release 1.8.

This brings the version of dbus to the latest stable release from an
unstable snapshot 1.7.4 that is known to have several regressions.

- Upstream changes since 1.7.4:
+ Security fixes:
- Do not accept an extra fd in the padding of a cmsg message, which
could lead to a 4-byte heap buffer overrun. (CVE-2014-3635,
fdo#83622; Simon McVittie)
- Reduce default for maximum Unix file descriptors passed per message
from 1024 to 16, preventing a uid with the default maximum number of
connections from exhausting the system bus' file descriptors under
Linux's default rlimit. Distributors or system administrators with
a restrictive fd limit may wish to reduce these limits further.
Additionally, on Linux this prevents a second denial of service in
which the dbus-daemon can be made to exceed the maximum number of
fds per sendmsg() and disconnect the process that would have
received them. (CVE-2014-3636, fdo#82820; Alban Crequy)
- Disconnect connections that still have a fd pending unmarshalling
after a new configurable limit, pending_fd_timeout (defaulting to
150 seconds), removing the possibility of creating an abusive
connection that cannot be disconnected by setting up a circular
reference to a connection's file descriptor. (CVE-2014-3637,
fdo#80559; Alban Crequy)
- Reduce default for maximum pending replies per connection from 8192
to 128, mitigating an algorithmic complexity denial-of-service
attack (CVE-2014-3638, fdo#81053; Alban Crequy)
- Reduce default for authentication timeout on the system bus from 30
seconds to 5 seconds, avoiding denial of service by using up all
unauthenticated connection slots; and when all unauthenticated
connection slots are used up, make new connection attempts block
instead of disconnecting them. (CVE-2014-3639, fdo#80919; Alban
- On Linux >= 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
silently drop the message. This prevents an attack in which a
malicious client can make dbus-daemon disconnect a system service,
which is a local denial of service. (fdo#80163, CVE-2014-3532; Alban
- Track remaining Unix file descriptors correctly when more than one
message in quick succession contains fds. This prevents another
attack in which a malicious client can make dbus-daemon disconnect a
system service. (fdo#79694, fdo#80469, CVE-2014-3533; Alejandro
Martínez Suárez, Simon McVittie, Alban Crequy)
- Alban Crequy at Collabora Ltd. discovered and fixed a
denial-of-service flaw in dbus-daemon, part of the reference
implementation of D-Bus. Additionally, in highly unusual
environments the same flaw could lead to a side channel between
processes that should not be able to communicate. (CVE-2014-3477,
+ Other fixes and enhancements:
- Check for libsystemd from systemd >= 209, falling back to the
older separate libraries if not found (Umut Tezduyar Lindskog, Simon
- On Linux, use prctl() to disable core dumps from a test executable
that deliberately raises SIGSEGV to test dbus-daemon's handling
of that condition (fdo#83772, Simon McVittie)
- Fix compilation with --enable-stats (fdo#81043, Gentoo #507232;
Alban Crequy)
- Improve documentation for running tests on Windows (fdo#41252, Ralf
- When dbus-launch --exit-with-session starts a dbus-daemon but then
cannot attach to a session, kill the dbus-daemon as intended
(fdo#74698, Роман Донченко)
- in the CMake build system, add some hints for Linux users
cross-compiling Windows D-Bus binaries to be able to run tests under
Wine (fdo#41252, Ralf Habacker)
- add Documentation key to dbus.service (fdo#77447, Cameron Norman)
- in "dbus-uuidgen --ensure", try to copy systemd's /etc/machine-id to
/var/lib/dbus/machine-id instead of generating an entirely new ID
(fdo#77941, Simon McVittie)
- if dbus-launch receives an X error very quickly, do not kill
unrelated processes (fdo#74698, Роман Донченко)
- on Windows, allow up to 8K connections to the dbus-daemon, instead
of the previous 64 (fdo#71297; Cristian Onet, Ralf Habacker)
- cope with \r\n newlines in regression tests, since on Windows,
dbus-daemon.exe uses text mode (fdo#75863, Руслан
- Enhance the CMake build system to check for GLib and compile/run a
subset of the regression tests (fdo#41252, fdo#73495; Ralf Habacker)
- don't rely on va_copy(), use DBUS_VA_COPY() wrapper (fdo#72840, Ralf
- fix compilation of systemd journal support on older systemd versions
where sd-journal.h doesn't include syslog.h (fdo#73455, Ralf
- fix compilation on older MSVC versions by including stdlib.h
(fdo#73455, Ralf Habacker)
- Allow <allow_anonymous/> to appear in an included configuration file
(fdo#73475, Matt Hoosier)
- If the tests crash with an assertion failure, they no longer default
to blocking for a debugger to be attached. Set DBUS_BLOCK_ON_ABORT
in the environment if you want the old behaviour.
- To improve debuggability, the dbus-daemon and dbus-daemon-eavesdrop
tests can be run with an external dbus-daemon by setting
DBUS_TEST_DAEMON_ADDRESS in the environment. Test-cases that require
an unusually-configured dbus-daemon are skipped.
- don't require messages with no INTERFACE to be dispatched
(fdo#68597, Simon McVittie)
- document "tcp:bind=..." and "nonce-tcp:bind=..." (fdo#72301,
Chengwei Yang)
- define "listenable" and "connectable" addresses, and discuss the
difference (fdo#61303, Simon McVittie)
- support printing Unix file descriptors in dbus-send, dbus-monitor
(fdo#70592, Robert Ancell)
- don't install systemd units if --disable-systemd is given
(fdo#71818, Chengwei Yang)
- don't leak memory on out-of-memory while listing activatable or
active services (fdo#71526, Radoslaw Pajak)
- fix undefined behaviour in a regression test (fdo#69924, DreamNik)
- escape Unix socket addresses correctly (fdo#46013, Chengwei Yang)
- on SELinux systems, don't assume that SECCLASS_DBUS,
DBUS__ACQUIRE_SVC and DBUS__SEND_MSG are numerically equal to their
values in the reference policy (fdo#88719, osmond sun)
- define PROCESS_QUERY_LIMITED_INFORMATION if missing from MinGW < 4
headers (fdo#71366, Matt Fischer)
- define WIN32_LEAN_AND_MEAN to avoid conflicts between winsock.h and
winsock2.h (fdo#71405, Matt Fischer)
- do not return failure from _dbus_read_nonce() with no error set,
preventing a potential crash (fdo#72298, Chengwei Yang)
- on BSD systems, avoid some O(1)-per-process memory and fd leaks in
kqueue, preventing test failures (fdo#69332, fdo#72213; Chengwei
- fix warning spam on Hurd by not trying to set SO_REUSEADDR on Unix
sockets, which doesn't do anything anyway on at least Linux and
FreeBSD (fdo#69492, Simon McVittie)
- fix use of TCP sockets on FreeBSD and Hurd by tolerating EINVAL from
sendmsg() with SCM_CREDS (retrying with plain send()), and looking
for credentials more correctly (fdo#69492, Simon McVittie)
- ensure that tests run with a temporary XDG_RUNTIME_DIR to avoid
getting mixed up in XDG/systemd "user sessions" (fdo#61301, Simon
- refresh cached policy rules for existing connections when bus
configuration changes (fdo#39463, Chengwei Yang)
- If systemd support is enabled, libsystemd-journal is now required.
- When activating a non-systemd service under systemd, annotate its
stdout/stderr with its bus name in the Journal. Known limitation:
because the socket is opened before forking, the process will still
be logged as if it had dbus-daemon's process ID and user ID.
(fdo#68559, Chengwei Yang)
- Document more configuration elements in dbus-daemon(1) (fdo#69125,
Chengwei Yang)
- Don't leak string arrays or fds if
dbus_message_iter_get_args_valist() unpacks them and then encounters
an error (fdo#21259, Chengwei Yang)
- If compiled with libaudit, retain CAP_AUDIT_WRITE so we can write
disallowed method calls to the audit log, fixing a regression in
1.7.6 (fdo#49062, Colin Walters)
- path_namespace='/' in match rules incorrectly matched nothing; it
now matches everything. (fdo#70799, Simon McVittie)
- Directory change notification via dnotify on Linux is no longer
supported; it hadn't compiled successfully since 2010 in any case.
If you don't have inotify (Linux) or kqueue (*BSD), you will need to
send SIGHUP to the dbus-daemon when its configuration changes.
(fdo#33001, Chengwei Yang)
- Compiling with --disable-userdb-cache is no longer supported; it
didn't work since at least 2008, and would lead to an extremely slow
dbus-daemon even if it worked. (fdo#15589, fdo#17133, fdo#66947;
Chengwei Yang)
- The DBUS_DISABLE_ASSERTS CMake option didn't actually disable most
assertions. It has been renamed to DBUS_DISABLE_ASSERT to be
consistent with the Autotools build system. (fdo#66142, Chengwei
- --with-valgrind=auto enables Valgrind instrumentation if and only if
valgrind headers are available. The default is still
--with-valgrind=no. (fdo#56925, Simon McVittie)
- Platforms with no 64-bit integer type are no longer supported.
(fdo#65429, Simon McVittie)
- GNU make is now (documented to be) required. (fdo#48277, Simon
- Full test coverage no longer requires dbus-glib, although the tests
do not exercise the shared library (only a static copy) if dbus-glib
is missing. (fdo#68852, Simon McVittie)
- D-Bus Specification 0.22
* Document GetAdtAuditSessionData() and
GetConnectionSELinuxSecurityContext() (fdo#54445, Simon)
* Fix example .service file (fdo#66481, Chengwei Yang)
* Don't claim D-Bus is "low-latency" (lower than what?), just give
factual statements about it supporting async use (fdo#65141, Justin Lee)
* Document the contents of .service files, and the fact that system
services' filenames are constrained (fdo#66608; Simon McVittie, Chengwei
- Be thread-safe by default on all platforms, even if
dbus_threads_init_default() has not been called. For compatibility
with older libdbus, library users should continue to call
dbus_threads_init_default(): it is harmless to do so. (fdo#54972,
Simon McVittie)
- Add GetConnectionCredentials() method (fdo#54445, Simon)
- New API: dbus_setenv(), a simple wrapper around setenv(). Note that
this is not thread-safe. (fdo#39196, Simon)
- Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer
connection, like --address=ADDRESS in previous versions) and
dbus-send --bus=ADDRESS (connect to a given bus, like dbus-monitor
--address=ADDRESS). dbus-send --address still exists for backwards
compatibility, but is no longer documented. (fdo#48816, Andrey Mazo)
- "dbus-daemon --nofork" is allowed on Windows again. (fdo#68852,
Simon McVittie)
- Avoid an infinite busy-loop if a signal interrupts waitpid()
(fdo#68945, Simon McVittie)
- Clean up memory for parent nodes when objects are unexported
(fdo#60176, Thomas Fitzsimmons)
- Make dbus_connection_set_route_peer_messages(x, FALSE) behave as
documented. Previously, it assumed its second parameter was TRUE.
(fdo#69165, Chengwei Yang)
- Escape addresses containing non-ASCII characters correctly
(fdo#53499, Chengwei Yang)
- Document <servicedir> search order correctly (fdo#66994, Chengwei
- Don't crash on "dbus-send --session / x.y.z" which regressed in
1.7.4. (fdo#65923, Chengwei Yang)
- If malloc() returns NULL in _dbus_string_init() or similar, don't
free an invalid pointer if the string is later freed (fdo#65959,
Chengwei Yang)
- If malloc() returns NULL in dbus_set_error(), don't va_end() a
va_list that was never va_start()ed (fdo#66300, Chengwei Yang)
- fix build failure with --enable-stats (fdo#66004, Chengwei Yang)
- fix a regression test on platforms with strict alignment (fdo#67279,
Colin Walters)
- Avoid calling function parameters "interface" since certain Windows
headers have a namespace-polluting macro of that name (fdo#66493,
Ivan Romanov)
- Assorted Doxygen fixes (fdo#65755, Chengwei Yang)
- Various thread-safety improvements to static variables (fdo#68610,
Simon McVittie)
- Make "make -j check" work (fdo#68852, Simon McVittie)
- Fix a NULL pointer dereference on an unlikely error path (fdo#69327,
Sviatoslav Chagaev)
- Improve valgrind memory pool tracking (fdo#69326, Sviatoslav Chagaev)
- Don't over-allocate memory in dbus-monitor (fdo#69329, Sviatoslav
- dbus-monitor can monitor dbus-daemon < 1.5.6 again (fdo#66107,
Chengwei Yang)
- If accept4() fails with EINVAL, as it can on older Linux kernels
with newer glibc, try accept() instead of going into a busy-loop.
(fdo#69026, Chengwei Yang)
- If socket() or socketpair() fails with EINVAL or EPROTOTYPE, for
instance on Hurd or older Linux with a new glibc, try without
SOCK_CLOEXEC. (fdo#69073; Pino Toscano, Chengwei Yang)
- Fix a file descriptor leak on an error code path. (fdo#69182,
Sviatoslav Chagaev)
- dbus-run-session: clear some unwanted environment variables
(fdo#39196, Simon)
- dbus-run-session: compile on FreeBSD (fdo#66197, Chengwei Yang)
- Don't fail the autolaunch test if there is no DISPLAY (fdo#40352,
- Use dbus-launch from the builddir for testing, not the installed
copy (fdo#37849, Chengwei Yang)
- Fix compilation if writev() is unavailable (fdo#69409, Vasiliy
- Remove broken support for LOCAL_CREDS credentials passing, and
document where each credential-passing scheme is used (fdo#60340,
Simon McVittie)
- Make work on *BSD by not assuming GNU coreutils
functionality (fdo#35881, fdo#69787; Chengwei Yang)
- dbus-monitor: be portable to NetBSD (fdo#69842, Chengwei Yang)
- dbus-launch: stop using non-portable asprintf (fdo#37849, Simon)
- Improve error reporting from the setuid activation helper
(fdo#66728, Chengwei Yang)
- Remove unavailable command-line options from 'dbus-daemon --help'
(fdo#42441, Ralf Habacker)
- Add support for looking up local TCPv4 clients' credentials on
Windows XP via the undocumented AllocateAndGetTcpExTableFromStack
function (fdo#66060, Ralf Habacker)
- Fix insufficient dependency-tracking (fdo#68505, Simon McVittie)
- Don't include wspiapi.h, fixing a compiler warning (fdo#68852, Simon
conditionals (fdo#66142, Chengwei Yang)
- improve verbose-mode output (fdo#63047, Colin Walters)
- consolidate Autotools and CMake build (fdo#64875, Ralf Habacker)
- fix various unused variables, unusual build configurations etc.
(fdo#65712, fdo#65990, fdo#66005, fdo#66257, fdo#69165, fdo#69410,
fdo#70218; Chengwei Yang, Vasiliy Balyasnyy)

- dbus-cve-2014-3533.patch: Add patch for CVE-2014-3533 to fix (fdo#63127)
• CVE-2012-3524: Don't access environment variables (fdo#52202)
(fdo#51521, Dave Reisner) • Remove an incorrect assertion from
DBusTransport (fdo#51657, (fdo#51406, Simon McVittie) (fdo#51032, Simon
McVittie) (fdo#34671, Simon McVittie) · Check for libpthread under
CMake on Unix (fdo#47237, Simon McVittie) spec-compliance (fdo#48580,
David Zeuthen) non-root when using OpenBSD install(1) (fdo#48217,
Antoine Jacoutot) (fdo#45896, Simon McVittie) (fdo#39549, Simon
McVittie) invent their own "union of everything" type (fdo#11191, Simon
find(1) (fdo#33840, Simon McVittie) (fdo#46273, Alban Crequy) again on
Win32, but not on WinCE (fdo#46049, Simon (fdo#47321, Andoni Morales
Alastruey) (fdo#39231, fdo#41012; Simon McVittie)
* Add a regression test for fdo#38005 (fdo#39836, Simon McVittie) a
service file entry for activation (fdo#39230, Simon McVittie)
(fdo#24317, #34870; Will Thompson, David Zeuthen, Simon McVittie) and
document it better (fdo#31818, Will Thompson) • Let the bus daemon
implement more than one interface (fdo#33757, • Optimize
_dbus_string_replace_len to reduce waste (fdo#21261, (fdo#35114, Simon
McVittie) • Add dbus_type_is_valid as public API (fdo#20496, Simon
McVittie) to unknown interfaces in the bus daemon (fdo#34527, Lennart
Poettering) (fdo#32245; Javier Jardón, Simon McVittie) • Correctly
give XDG_DATA_HOME priority over XDG_DATA_DIRS (fdo#34496, in embedded
environments (fdo#19997, NB#219964; Simon McVittie) • Install the
documentation, and an index for Devhelp (fdo#13495, booleans when
sending them (fdo#16338, NB#223152; Simon McVittie) errors to
dbus-shared.h (fdo#34527, Lennart Poettering) data (fdo#10887, Simon
McVittie) .service files (fdo#19159, Sven Herzberg) (fdo#35750, Colin
Walters) (fdo#32805, Mark Brand) which could result in a busy-loop
(fdo#32992, NB#200248; possibly • Fix failure to detect abstract
socket support (fdo#29895) (fdo#32262, NB#180486) • Improve some
error code paths (fdo#29981, fdo#32264, fdo#32262, fdo#33128,
fdo#33277, fdo#33126, NB#180486) • Avoid possible symlink attacks in
/tmp during compilation (fdo#32854) • Tidy up dead code (fdo#25306,
fdo#33128, fdo#34292, NB#180486) • Improve gcc malloc annotations
(fdo#32710) • Documentation improvements (fdo#11190) • Avoid
readdir_r, which is difficult to use correctly (fdo#8284, fdo#15922,
LP#241619) • Cope with invalid files in session.d, system.d
(fdo#19186, • Don't distribute generated files that embed our
builddir (fdo#30285, fdo#34292) (fdo#33474, LP#381063) with lcov HTML
reports and --enable-compiler-coverage (fdo#10887) · support
credentials-passing (fdo#32542) · opt-in to thread safety (fdo#33464)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-558

To bring your system up-to-date, use "zypper patch".
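
The reduced defaults listed under "Security fixes" only take effect if local bus configuration does not override them. The following script is an added example, not part of the advisory or of the dbus project's code: it flags <limit> elements that are looser than the post-update defaults. It assumes the limit names and the millisecond unit for timeouts documented in dbus-daemon(1); the sample configuration is constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Defaults after this update, as stated in the advisory. The advisory gives
# timeouts in seconds; they are converted to milliseconds here on the
# assumption that <limit> timeouts use the unit documented in dbus-daemon(1).
HARDENED_DEFAULTS = {
    "max_message_unix_fds": 16,          # CVE-2014-3636
    "pending_fd_timeout": 150 * 1000,    # CVE-2014-3637
    "max_replies_per_connection": 128,   # CVE-2014-3638
    "auth_timeout": 5 * 1000,            # CVE-2014-3639
}

# Constructed sample: a local override file that restores two pre-1.8 values.
SAMPLE_CONF = """<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <limit name="max_message_unix_fds">1024</limit>
  <limit name="auth_timeout">30000</limit>
  <limit name="max_replies_per_connection">128</limit>
  <limit name="pending_fd_timeout">60000</limit>
  <limit name="max_connections_per_user">256</limit>
</busconfig>
"""


def audit_limits(xml_text, source="<inline>"):
    """Return (source, name, value, reason) for limits looser than the defaults."""
    findings = []
    for elem in ET.fromstring(xml_text).iter("limit"):
        name = elem.get("name")
        if name not in HARDENED_DEFAULTS:
            continue  # limit not changed by this update
        raw = (elem.text or "").strip()
        try:
            value = int(raw)
        except ValueError:
            findings.append((source, name, raw, "not an integer"))
            continue
        ceiling = HARDENED_DEFAULTS[name]
        if value > ceiling:
            findings.append((source, name, value, "exceeds default %d" % ceiling))
    return findings


if __name__ == "__main__":
    # Pass bus configuration files as arguments; with none, audit the sample.
    results = []
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            results += audit_limits(fh.read(), path)
    if not sys.argv[1:]:
        results = audit_limits(SAMPLE_CONF, "sample")
    for finding in results:
        print("%s: %s=%s (%s)" % finding)
```

Run it against the bus configuration files on the updated host; any line printed is a local override that reopens one of the denial-of-service conditions the update mitigates.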

