Univention Bugzilla – Full Text Bug Listing
| Summary: | dbus: Multiple issues (4.3) | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Quality Assurance <qa> |
| Component: | Security updates | Assignee: | Quality Assurance <qa> |
| Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
| Severity: | normal | | |
| Priority: | P3 | | |
| Version: | UCS 4.3 | | |
| Target Milestone: | UCS 4.3-4-errata | | |
| Hardware: | All | | |
| OS: | Linux | | |
| What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | | Enterprise Customer affected?: | |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | |
| Max CVSS v3 score: | 7.1 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) NVD | | |
Description
Quality Assurance
2019-06-16 14:52:15 CEST
--- mirror/ftp/4.3/unmaintained/4.3-1/source/dbus_1.10.26-0+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/dbus_1.10.28-0+deb9u1.dsc 
@@ -1,3 +1,36 @@ +1.10.28-0+deb9u1 [Sun, 09 Jun 2019 22:42:06 +0100] Simon McVittie <smcv@debian.org>: + + * New upstream stable release + - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 + authentication for identities that differ from the user running the + DBusServer. Previously, a local attacker could manipulate symbolic + links in their own home directory to bypass authentication and + connect to a DBusServer with elevated privileges. The standard + system and session dbus-daemons in their default configuration were + immune to this attack because they did not allow DBUS_COOKIE_SHA1, + but third-party users of DBusServer such as Upstart could be + vulnerable. + - Prevent reading up to 3 bytes beyond the end of a truncated message. + This could in principle be an information leak or denial of service + on the system bus, but is not believed to be exploitable to crash + the system bus or leak interesting information in practice. + - Stop the dbus-daemon leaking memory (an error message) if delivering + the message that triggered auto-activation is forbidden. This is + technically a denial of service because the dbus-daemon will + run out of memory eventually, but it's a very slow and noisy one, + because all the rejected messages are also very likely to have + been logged to the system log, and its scope is typically limited by + the finite number of activatable services available. + - Remove __attribute__((__malloc__)) attribute on dbus_realloc(), + which does not meet the criteria for that attribute in gcc 4.7+, + potentially leading to miscompilation. 
+ - Fix build with gcc 8 -Werror=cast-function-type + - Fix warning from gcc 8 about suspicious use of strncpy() when + populating struct sockaddr_un + - Fix installation of Ducktype documentation with newer yelp-build + versions + * d/control: Update Vcs-Git, Vcs-Browser + 1.10.26-0+deb9u1 [Fri, 02 Mar 2018 08:59:25 +0000] Simon McVittie <smcv@debian.org>: * New upstream stable release <http://10.200.17.11/4.3-4/#4818245372491386413> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-4] 15aebc19bb Bug #49661: dbus 1.10.28-0+deb9u1 doc/errata/staging/dbus.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) [4.3-4] d2f49aaa48 Bug #49661: dbus 1.10.28-0+deb9u1 doc/errata/staging/dbus.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) |
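Review bot: Only the first of the four fixes in this changelog hunk carries an identifier (CVE-2019-12749); the truncated-message over-read of up to 3 bytes and the auto-activation error-message leak have no CVE, so the errata entry in doc/errata/staging/dbus.yaml should describe those two by name rather than rely on the CVE list alone, otherwise they are invisible to anyone scanning advisories by CVE. For the advisory wording, the hunk also states the scope of the DBUS_COOKIE_SHA1 bypass precisely: the default system and session dbus-daemons are not affected because they do not allow that mechanism, and only third-party DBusServer users such as Upstart are; the local, low-privilege vector in the CVSS string (AV:L/PR:L) reflects that, and the errata text should say the same so administrators do not over-prioritise the update for hosts running only the stock daemons.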