97c139473e

- update to 1.14.4 (bsc#1204111, CVE-2022-42010, bsc#1204112, CVE-2022-42011, bsc#1204113, CVE-2022-42012):

  This is a security update for the dbus 1.14.x stable branch, fixing denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying security hardening (dbus#416).

  Behaviour changes:

  * On Linux, dbus-daemon and other uses of DBusServer now create a path-based Unix socket, unix:path=..., when asked to listen on a unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to unix:dir=... on all platforms.

    Previous versions would have created an abstract socket, unix:abstract=..., in this situation.

    This change primarily affects the well-known session bus when run via dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring dbus with --enable-user-session and running it on a systemd system, already used path-based Unix sockets and is unaffected by this change.

    This behaviour change prevents a sandbox escape via the session bus socket in sandboxing frameworks that can share the network namespace with the host system, such as Flatpak.

    This change might cause a regression in situations where the abstract socket is intentionally shared between the host system and a chroot or container, such as some use-cases of schroot(1). That regression can be resolved by using a bind-mount to share either the D-Bus socket, or the whole /tmp directory, with the chroot or container. (dbus#416, Simon McVittie)

  * Denial of service fixes:

    - Evgeny Vereshchagin discovered several ways in which an authenticated local attacker could cause a crash (denial of service) in dbus-daemon --system or a custom DBusServer. In uncommon configurations

OBS-URL: https://build.opensuse.org/request/show/1031295
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dbus-1?expand=0&rev=175

||
---|---|---|
.gitattributes | ||
.gitignore | ||
baselibs.conf | ||
dbus-1-devel-doc.changes | ||
dbus-1-devel-doc.spec | ||
dbus-1-x11.changes | ||
dbus-1-x11.spec | ||
dbus-1.14.4.tar.xz | ||
dbus-1.14.4.tar.xz.asc | ||
dbus-1.changes | ||
dbus-1.desktop | ||
dbus-1.keyring | ||
dbus-1.spec | ||
feature-suse-do-autolaunch.patch | ||
feature-suse-log-deny.patch | ||
feature-suse-refuse-manual-start-stop.patch | ||
messagebus.conf |