Описание
Security update for dbus-broker
This update for dbus-broker fixes the following issues:
- CVE-2022-31212: Fix a stack buffer over-read in bundled c-shquote (boo#1200332)
- CVE-2022-31213: Fix a NULL pointer dereferences in bundled c-shquote (boo#1200333)
Список пакетов
SUSE Package Hub 15 SP4
dbus-broker-28-bp154.2.3.1
openSUSE Leap 15.4
dbus-broker-28-bp154.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2022:10030-1
- SUSE Security Ratings
- SUSE Bug 1200332
- SUSE Bug 1200333
- SUSE CVE CVE-2022-31212 page
- SUSE CVE CVE-2022-31213 page
Описание
An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.
Затронутые продукты
SUSE Package Hub 15 SP4:dbus-broker-28-bp154.2.3.1
openSUSE Leap 15.4:dbus-broker-28-bp154.2.3.1
Ссылки
- CVE-2022-31212
- SUSE Bug 1200332
Описание
An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.
Затронутые продукты
SUSE Package Hub 15 SP4:dbus-broker-28-bp154.2.3.1
openSUSE Leap 15.4:dbus-broker-28-bp154.2.3.1
Ссылки
- CVE-2022-31213
- SUSE Bug 1200333