| Summary: | dbus new security issue CVE-2015-0245 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | herman.viaene, olchal, sysadmin-bugs, tmb |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/633086/ | | |
| Whiteboard: | advisory MGA4-64-OK MGA4-32-OK | | |
| Source RPM: | dbus-1.8.14-2.mga5.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2015-02-09 16:43:54 CET
David Walser
2015-02-09 16:44:33 CET
Whiteboard: (none) => MGA4TOO

David Walser
2015-02-09 16:45:13 CET
Blocks: (none) => 14674

1.8.16 pushed to Cauldron.

Patched packages uploaded to mga4:

SRPMS:
dbus-1.6.18-1.10.mga4.src.rpm

i586:
dbus-1.6.18-1.10.mga4.i586.rpm
dbus-doc-1.6.18-1.10.mga4.noarch.rpm
dbus-x11-1.6.18-1.10.mga4.i586.rpm
libdbus1_3-1.6.18-1.10.mga4.i586.rpm
libdbus-devel-1.6.18-1.10.mga4.i586.rpm

x86_64:
dbus-1.6.18-1.10.mga4.x86_64.rpm
dbus-doc-1.6.18-1.10.mga4.noarch.rpm
dbus-x11-1.6.18-1.10.mga4.x86_64.rpm
lib64dbus1_3-1.6.18-1.10.mga4.x86_64.rpm
lib64dbus-devel-1.6.18-1.10.mga4.x86_64.rpm

CC: (none) => tmb

Advisory:
non-systemd processes can make dbus-daemon think systemd failed to activate a system service, resulting in an error reply back to the requester, causing a local denial of service (CVE-2015-0245)

References:
http://openwall.com/lists/oss-security/2015/02/09/6
https://bugs.freedesktop.org/show_bug.cgi?id=88811

Thanks Thomas! Nice concise advisory.

I would use this for the references (includes the CVE and the upstream URLs for the mailing list announcements):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245
http://lists.freedesktop.org/archives/dbus/2015-February/016553.html
http://lists.freedesktop.org/archives/dbus/2015-February/016555.html

MGA4-64 on HP Probook 6555b.
No installation issues.
Rebooted the PC, startup time seems normal, no delays in starting applications.

CC: (none) => herman.viaene

System working fine for me on Mageia 4 i586. No noticeable issues or anything out of sorts in systemctl or journalctl. Observed normal behavior of dbus starting UDisks2 and powerdevil.backlighthelper in the journal.

Whiteboard: MGA4-64-OK => MGA4-64-OK MGA4-32-OK

Debian has issued an advisory for this on February 11:
https://www.debian.org/security/2015/dsa-3161

URL: (none) => http://lwn.net/Vulnerabilities/633086/

Testing dbus-1.6.18-1.10.mga4 on Mageia4x64 real hardware (intel core i3, nvidia gtx750) with testing kernel-3.14.32-1.mga4 and glibc-2.18-9.9.mga4

Dmesg OK, nothing special in journalctl or systemctl.
Display OK (Nvidia 331.113, screen 1920*1080)
Network, web browser OK
Play audio and video file OK
USB OK

CC: (none) => olchal

Performed two installations one x86_64 and one i586 with kernel, 3 x nvidia, fglrx, broadcom-wl, vbox, xtables-addons and also glibc, dbus, x11 and cups at the same time.

All Ok

Advisory uploaded with srpm from comment 1, text from comment 2 and references from comment 3.

Whiteboard: MGA4-64-OK MGA4-32-OK => advisory MGA4-64-OK MGA4-32-OK

Testing on Mageia4x32 real hardware (intel core i3, 8 Series/C220 Series Chipset, nvidia GTX750)

dbus-1.6.18-1.10.mga4.i586 with latest kernel-desktop, glibc and x11-server

OK

Validating. Please push to 4 updates

Thanks

Keywords: (none) => validated_update

An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0071.html

Status: NEW => RESOLVED