openSUSE Recommended Update: dbus-1 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:1547-1 Rating: moderate References: Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This recommended update for dbus-1 fixes the following issues: - Update to 1.6.28: + Regression fix backported from 1.8.12: * Partially revert the CVE-2014-3639 patch by increasing the default authentication timeout on the system bus from 5 seconds back to 30 seconds, since this has been reported to cause boot regressions for some users, mostly with parallel boot (systemd) on slower hardware. On fast systems where local users are considered particularly hostile, administrators can return to the 5 second timeout (or any other value in milliseconds) by saving this as /etc/dbus-1/system-local.conf: <busconfig> <limit name="auth_timeout">5000</limit> </busconfig> (fdo#86431) * Add a message in syslog/the Journal when the auth_timeout is exceeded (fdo#86431) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch 3239 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): dbus-1-1.6.28-2.34.1 dbus-1-debuginfo-1.6.28-2.34.1 dbus-1-debugsource-1.6.28-2.34.1 dbus-1-devel-1.6.28-2.34.1 dbus-1-x11-1.6.28-2.34.1 dbus-1-x11-debuginfo-1.6.28-2.34.1 dbus-1-x11-debugsource-1.6.28-2.34.1 libdbus-1-3-1.6.28-2.34.1 libdbus-1-3-debuginfo-1.6.28-2.34.1 - openSUSE 12.3 (x86_64): dbus-1-32bit-1.6.28-2.34.1 dbus-1-debuginfo-32bit-1.6.28-2.34.1 dbus-1-devel-32bit-1.6.28-2.34.1 libdbus-1-3-32bit-1.6.28-2.34.1 libdbus-1-3-debuginfo-32bit-1.6.28-2.34.1 - openSUSE 12.3 (noarch): dbus-1-devel-doc-1.6.28-2.34.1 References: http://support.novell.com/security/cve/CVE-2014-3639.html