dbus-1/dbus-1.14.4.tar.xz.asc
Dirk Mueller a8bd6c1553 - update to 1.14.4 (bsc#1204111, CVE-2022-42010,
  bsc#1204112, CVE-2022-42011, bsc#1204113, CVE-2022-42012):
  This is a security update for the dbus 1.14.x stable branch, fixing
  denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
  security hardening (dbus#416).
  Behaviour changes:
  * On Linux, dbus-daemon and other uses of DBusServer now create a
     path-based Unix socket, unix:path=..., when asked to listen on a
     unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
     unix:dir=... on all platforms.
     Previous versions would have created an abstract socket, unix:abstract=...,
     in this situation.
     This change primarily affects the well-known session bus when run via
     dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
     dbus with --enable-user-session and running it on a systemd system,
     already used path-based Unix sockets and is unaffected by this change.
     This behaviour change prevents a sandbox escape via the session bus socket
     in sandboxing frameworks that can share the network namespace with the host
     system, such as Flatpak.
     This change might cause a regression in situations where the abstract socket
     is intentionally shared between the host system and a chroot or container,
     such as some use-cases of schroot(1). That regression can be resolved by
     using a bind-mount to share either the D-Bus socket, or the whole /tmp
     directory, with the chroot or container.
     (dbus#416, Simon McVittie)
  * Denial of service fixes:
    - Evgeny Vereshchagin discovered several ways in which an authenticated
      local attacker could cause a crash (denial of service) in
      dbus-daemon --system or a custom DBusServer. In uncommon configurations

OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=326
2022-10-26 09:05:34 +00:00
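
Added example, not part of this commit or of dbus: a small audit for the behaviour change described above. It flags D-Bus addresses that use `unix:abstract=` and listening abstract sockets in `/proc/net/unix`-format text. The sample table, the socket names and the `dbus-` name heuristic are assumptions constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample in /proc/net/unix format; abstract names are shown with '@'.
SAMPLE_PROC_NET_UNIX = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 23456 @/tmp/dbus-Zk3qPl1xYb
0000000000000000: 00000002 00000000 00010000 0001 01 23457 /run/user/1000/bus
0000000000000000: 00000002 00000000 00010000 0001 01 23458 /tmp/dbus-9aXcVb2Qwe
0000000000000000: 00000003 00000000 00000000 0001 03 23459
"""

SO_ACCEPTCON = 0x10000  # kernel flag set on listening sockets


def parse_dbus_address(address):
    """Split a D-Bus address list into (transport, {key: value}) entries."""
    entries = []
    for part in filter(None, address.split(";")):
        transport, _, rest = part.partition(":")
        params = {}
        for item in filter(None, rest.split(",")):
            key, _, value = item.partition("=")
            params[key] = unquote(value)  # D-Bus values are %XX-escaped
        entries.append((transport, params))
    return entries


def abstract_entries(address):
    """Return the abstract socket names an address list refers to."""
    return [p["abstract"] for t, p in parse_dbus_address(address)
            if t == "unix" and "abstract" in p]


def listening_abstract_dbus_sockets(proc_net_unix_text):
    """Return listening abstract sockets whose name contains 'dbus-' (heuristic)."""
    found = []
    for line in proc_net_unix_text.splitlines()[1:]:  # skip header row
        fields = line.split(None, 7)
        if len(fields) < 8:
            continue  # unnamed socket, no Path column
        flags, path = int(fields[3], 16), fields[7]
        if flags & SO_ACCEPTCON and path.startswith("@") and "dbus-" in path:
            found.append(path)
    return found


if __name__ == "__main__":
    print(abstract_entries("unix:abstract=/tmp/dbus-Zk3qPl1xYb,guid=0123"))
    print(listening_abstract_dbus_sockets(SAMPLE_PROC_NET_UNIX))
```

On a live Linux host, pass the contents of `/proc/net/unix` and the value of `DBUS_SESSION_BUS_ADDRESS` to the same functions.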

17 lines
833 B
Plaintext
