Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
dbus | fixed | 1.10.12-1 | | package |
dbus | fixed | 1.8.22-0+deb8u1 | jessie | package |
dbus | no-dsa | | wheezy | package |
Notes
https://bugs.freedesktop.org/show_bug.cgi?id=98157
Versions affected: dbus >= 1.4.0
Fixed in: dbus >= 1.11.6, 1.10.x >= 1.10.12, 1.8.x >= 1.8.22
CVE Request: https://www.openwall.com/lists/oss-security/2016/10/10/9
In Debian, CVE-2015-0245 was already fixed, and this issue is
not believed to be exploitable in practice, because the relevant
message is ignored unless it comes from the owner of the bus name
org.freedesktop.systemd1. On the system bus, this bus name is only
allowed to be owned by uid 0; it is intended to be owned by systemd,
and no mechanism is currently known by which an attacker who does not
already have root privileges could induce systemd to send messages
that would trigger the format string vulnerability.