Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:3804-1

Опубликовано: 27 окт. 2022
Источник: suse-cvrf

Описание

Security update for dbus-1

This update for dbus-1 fixes the following issues:

  • CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
  • CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
  • CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

  • Disable asserts (bsc#1087072).

Список пакетов

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
dbus-1-1.8.22-29.24.1
dbus-1-x11-1.8.22-29.24.1
libdbus-1-3-1.8.22-29.24.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
dbus-1-1.8.22-29.24.1
dbus-1-x11-1.8.22-29.24.1
libdbus-1-3-1.8.22-29.24.1
SUSE Linux Enterprise Server 12 SP3-BCL
dbus-1-1.8.22-29.24.1
dbus-1-x11-1.8.22-29.24.1
libdbus-1-3-1.8.22-29.24.1
libdbus-1-3-32bit-1.8.22-29.24.1
SUSE Linux Enterprise Server 12 SP4-LTSS
dbus-1-1.8.22-29.24.1
dbus-1-x11-1.8.22-29.24.1
libdbus-1-3-1.8.22-29.24.1
libdbus-1-3-32bit-1.8.22-29.24.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
dbus-1-1.8.22-29.24.1
dbus-1-x11-1.8.22-29.24.1
libdbus-1-3-1.8.22-29.24.1
libdbus-1-3-32bit-1.8.22-29.24.1
SUSE OpenStack Cloud 9
dbus-1-1.8.22-29.24.1
dbus-1-x11-1.8.22-29.24.1
libdbus-1-3-1.8.22-29.24.1
libdbus-1-3-32bit-1.8.22-29.24.1
SUSE OpenStack Cloud Crowbar 9
dbus-1-1.8.22-29.24.1
dbus-1-x11-1.8.22-29.24.1
libdbus-1-3-1.8.22-29.24.1
libdbus-1-3-32bit-1.8.22-29.24.1

Ссылки

Описание

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dbus-1-1.8.22-29.24.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dbus-1-x11-1.8.22-29.24.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libdbus-1-3-1.8.22-29.24.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:dbus-1-1.8.22-29.24.1
Ссылки

Описание

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dbus-1-1.8.22-29.24.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dbus-1-x11-1.8.22-29.24.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libdbus-1-3-1.8.22-29.24.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:dbus-1-1.8.22-29.24.1
Ссылки

Описание

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dbus-1-1.8.22-29.24.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dbus-1-x11-1.8.22-29.24.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libdbus-1-3-1.8.22-29.24.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:dbus-1-1.8.22-29.24.1
Ссылки