Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:2590-1

Опубликовано: 02 авг. 2021
Источник: suse-cvrf

Описание

Security update for dbus-1

This update for dbus-1 fixes the following issues:

  • CVE-2020-35512: Fixed a bug where users with the same numeric UID could lead to use-after-free and undefined behaviour. (bsc#1187105)
  • CVE-2020-12049: Fixed a bug where a truncated messages lead to resource exhaustion. (bsc#1172505)

Список пакетов

Container suse/sles12sp3:latest
libdbus-1-3-1.8.22-29.21.1
HPE Helion OpenStack 8
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
libdbus-1-3-32bit-1.8.22-29.21.1
Image SLES12-SP4-Azure-BYOS
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
Image SLES12-SP4-EC2-HVM-BYOS
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
Image SLES12-SP4-GCE-BYOS
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
Image SLES12-SP4-SAP-Azure
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
Image SLES12-SP4-SAP-Azure-BYOS
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
Image SLES12-SP4-SAP-EC2-HVM
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
Image SLES12-SP4-SAP-GCE
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
Image SLES12-SP4-SAP-GCE-BYOS
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
SUSE Linux Enterprise Server 12 SP3-BCL
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
libdbus-1-3-32bit-1.8.22-29.21.1
SUSE Linux Enterprise Server 12 SP3-LTSS
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
libdbus-1-3-32bit-1.8.22-29.21.1
SUSE Linux Enterprise Server 12 SP4-LTSS
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
libdbus-1-3-32bit-1.8.22-29.21.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
libdbus-1-3-32bit-1.8.22-29.21.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
libdbus-1-3-32bit-1.8.22-29.21.1
SUSE OpenStack Cloud 8
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
libdbus-1-3-32bit-1.8.22-29.21.1
SUSE OpenStack Cloud 9
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
libdbus-1-3-32bit-1.8.22-29.21.1
SUSE OpenStack Cloud Crowbar 8
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
libdbus-1-3-32bit-1.8.22-29.21.1
SUSE OpenStack Cloud Crowbar 9
dbus-1-1.8.22-29.21.1
dbus-1-x11-1.8.22-29.21.1
libdbus-1-3-1.8.22-29.21.1
libdbus-1-3-32bit-1.8.22-29.21.1

Ссылки

Описание

An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

Затронутые продукты
Container suse/sles12sp3:latest:libdbus-1-3-1.8.22-29.21.1
HPE Helion OpenStack 8:dbus-1-1.8.22-29.21.1
HPE Helion OpenStack 8:dbus-1-x11-1.8.22-29.21.1
HPE Helion OpenStack 8:libdbus-1-3-1.8.22-29.21.1
Ссылки

Описание

A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors

Затронутые продукты
Container suse/sles12sp3:latest:libdbus-1-3-1.8.22-29.21.1
HPE Helion OpenStack 8:dbus-1-1.8.22-29.21.1
HPE Helion OpenStack 8:dbus-1-x11-1.8.22-29.21.1
HPE Helion OpenStack 8:libdbus-1-3-1.8.22-29.21.1
Ссылки