SUSE-SU-2022:4295-1

Published: 29 Nov 2022
Source: suse-cvrf

Description

Security update for dbus-1

This update for dbus-1 fixes the following issues:

  • CVE-2022-42010: Fixed a potential crash that could be triggered by an invalid signature (bsc#1204111).

  • CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).

  • CVE-2022-42012: Fixed use-after-free and possible memory corruption via a message in non-native endianness with out-of-band Unix file descriptors (bsc#1204113).

  • Disable assertions to prevent unexpected DDoS attacks (bsc#1087072).

Package list

Image SLES12-SP5-Azure-BYOS
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-Azure-Basic-On-Demand
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-Azure-HPC-BYOS
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-Azure-HPC-On-Demand
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-Azure-SAP-BYOS
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-Azure-SAP-On-Demand
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-Azure-Standard-On-Demand
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-EC2-BYOS
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-EC2-ECS-On-Demand
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-EC2-On-Demand
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-EC2-SAP-BYOS
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-EC2-SAP-On-Demand
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-GCE-BYOS
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-GCE-On-Demand
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-GCE-SAP-BYOS
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-GCE-SAP-On-Demand
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
SUSE Linux Enterprise Server 12 SP5
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
libdbus-1-3-32bit-1.8.22-38.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
dbus-1-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
libdbus-1-3-32bit-1.8.22-38.1
SUSE Linux Enterprise Software Development Kit 12 SP5
dbus-1-devel-1.8.22-38.1
dbus-1-devel-doc-1.8.22-38.1

Description

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.


Affected products
Image SLES12-SP5-Azure-BYOS:dbus-1-1.8.22-38.1
Image SLES12-SP5-Azure-BYOS:dbus-1-x11-1.8.22-38.1
Image SLES12-SP5-Azure-BYOS:libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-Azure-Basic-On-Demand:dbus-1-1.8.22-38.1

References

Description

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.


Affected products
Image SLES12-SP5-Azure-BYOS:dbus-1-1.8.22-38.1
Image SLES12-SP5-Azure-BYOS:dbus-1-x11-1.8.22-38.1
Image SLES12-SP5-Azure-BYOS:libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-Azure-Basic-On-Demand:dbus-1-1.8.22-38.1

References

Description

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.


Affected products
Image SLES12-SP5-Azure-BYOS:dbus-1-1.8.22-38.1
Image SLES12-SP5-Azure-BYOS:dbus-1-x11-1.8.22-38.1
Image SLES12-SP5-Azure-BYOS:libdbus-1-3-1.8.22-38.1
Image SLES12-SP5-Azure-Basic-On-Demand:dbus-1-1.8.22-38.1

References
Vulnerability SUSE-SU-2022:4295-1