Bug 19561

Summary: dbus new format string security issue
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: fundawang, lewyssmith, mageia, marja11, pkg-bugs, sysadmin-bugs, thierry.vignaud, wilcal.int
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/703606/
Whiteboard: MGA5-32-OK MGA5-64-OK advisory
Source RPM: dbus-1.10.8-2.mga6.src.rpm CVE:
Status comment:

Description David Walser 2016-10-10 17:35:53 CEST 
A security issue fixed upstream in dbus has been announced today (October 10):
http://openwall.com/lists/oss-security/2016/10/10/9

I don't understand why our compiler flags didn't catch this one.

The issue is fixed in 1.10.12 and 1.8.22.  A patch is also available.

It sounds like this is a very minor issue because we fixed CVE-2015-0245.
David Walser 2016-10-10 17:36:14 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 Marja Van Waes 2016-10-13 12:14:00 CEST 
Assigning to maintainer, but also CC'ing some dbus committers and pkg-bugs ml, because the maintainer might need his time for more urgent things.

CC: (none) => fundawang, marja11, pkg-bugs, thierry.vignaud
Assignee: bugsquad => tmb

Comment 2 David Walser 2016-10-14 21:17:08 CEST 
Fedora has issued an advisory for this on October 13:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YNEU3UPG7YBLXGQ4E4XVZ74PLHP4ZG56/

URL: (none) => http://lwn.net/Vulnerabilities/703606/

Comment 3 David Walser 2017-03-29 12:26:17 CEST 
openSUSE has issued an advisory on March 27:
https://lists.opensuse.org/opensuse-updates/2017-03/msg00091.html

It fixes two additional security issues, already fixed in Cauldron in 1.10.16.

Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)

Comment 4 Nicolas Lécureuil 2017-08-24 17:43:37 CEST 
pushed in updates_testing:

src.rpm:    
        dbus-1.8.22-1.mga5

CC: (none) => mageia

Comment 5 Nicolas Lécureuil 2017-08-24 17:44:03 CEST 
pushed in updates_testing:

src.rpm:    
        dbus-1.8.22-1.1.mga5


this new version fixes comment #3
Comment 6 David Walser 2017-08-24 19:04:41 CEST 
(In reply to Nicolas Lécureuil from comment #5)
> pushed in updates_testing:
> 
> src.rpm:    
>         dbus-1.8.22-1.1.mga5
> 
> 
> this new version fixes comment #3

It didn't build.  It looks like it needs an autoreconf -fi.
Comment 7 Nicolas Lécureuil 2017-08-24 22:33:58 CEST 
now it is :)

Assignee: tmb => qa-bugs

Comment 8 David Walser 2017-08-24 23:19:56 CEST 
Advisory:
========================

Updated dbus packages fix security vulnerabilities:

A format string vulnerability in the reference bus implementation, dbus-daemon,
could potentially allow local users to cause arbitrary code execution or denial
of service.

Symlink attack in nonce-tcp transport (bsc#1025950).

Symlink attack in unit tests (bsc#1025951).

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YNEU3UPG7YBLXGQ4E4XVZ74PLHP4ZG56/
https://lists.opensuse.org/opensuse-updates/2017-03/msg00091.html
========================

Updated packages in core/updates_testing:
========================
dbus-1.8.22-1.1.mga5
libdbus1_3-1.8.22-1.1.mga5
libdbus-devel-1.8.22-1.1.mga5
dbus-x11-1.8.22-1.1.mga5
dbus-doc-1.8.22-1.1.mga5

from dbus-1.8.22-1.1.mga5.src.rpm
Comment 9 William Kenney 2017-08-26 20:09:30 CEST 
In VirtualBox, M5.1, KDE, 32-bit

Package(s) under test:
dbus dbus-x11 libdbus1_3

default install of dbus dbus-x11 & libdbus1_3

[root@localhost wilcal]# urpmi dbus
Package dbus-1.8.20-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi dbus-x11
Package dbus-x11-1.8.20-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbus1_3
Package libdbus1_3-1.8.20-1.mga5.i586 is already installed

boot system
Boots back to a working desktop and common apps work

[root@localhost wilcal]# systemctl status dbus.service
● dbus.service - D-Bus System Message Bus
   Loaded: loaded (/usr/lib/systemd/system/dbus.service; static)
   Active: active (running) since Sat 2017-08-26 10:46:23 PDT; 5min ago
     Docs: man:dbus-daemon(1)
 Main PID: 765 (dbus-daemon)
   CGroup: /system.slice/dbus.service
           └─765 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation

Aug 26 10:46:24 localhost dbus[765]: [system] Successfully activated service 'org.freedesktop.systemd1'
Aug 26 10:46:39 localhost dbus[765]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service'
Aug 26 10:46:39 localhost dbus[765]: [system] Successfully activated service 'org.freedesktop.PolicyKit1'
Aug 26 10:46:39 localhost dbus[765]: [system] Activating via systemd: service name='org.freedesktop.UDisks2' unit='udisks2.service'
Aug 26 10:46:39 localhost dbus[765]: [system] Successfully activated service 'org.freedesktop.UDisks2'
Aug 26 10:46:39 localhost dbus[765]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Aug 26 10:46:40 localhost org.kde.powerdevil.backlighthelper[765]: no kernel backlight interface found
Aug 26 10:46:40 localhost dbus[765]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Aug 26 10:46:45 localhost dbus[765]: [system] Activating via systemd: service name='org.freedesktop.RealtimeKit1' unit='rtkit-daemon.service'
Aug 26 10:46:45 localhost dbus[765]: [system] Successfully activated service 'org.freedesktop.RealtimeKit1'

install dbus dbus-x11 & libdbus1_3 from updates_testing

[root@localhost wilcal]# urpmi dbus
Package dbus-1.8.22-1.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi dbus-x11
Package dbus-x11-1.8.22-1.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbus1_3
Package libdbus1_3-1.8.22-1.1.mga5.i586 is already installed

reboot system
reboots back to a working desktop and common apps work

[root@localhost wilcal]# systemctl status dbus.service
● dbus.service - D-Bus System Message Bus
   Loaded: loaded (/usr/lib/systemd/system/dbus.service; static)
   Active: active (running) since Sat 2017-08-26 10:59:32 PDT; 1min 40s ago
     Docs: man:dbus-daemon(1)
 Main PID: 767 (dbus-daemon)
   CGroup: /system.slice/dbus.service
           └─767 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation

Aug 26 10:59:33 localhost dbus[767]: [system] Successfully activated service 'org.freedesktop.login1'
Aug 26 10:59:48 localhost dbus[767]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service'
Aug 26 10:59:48 localhost dbus[767]: [system] Successfully activated service 'org.freedesktop.PolicyKit1'
Aug 26 10:59:48 localhost dbus[767]: [system] Activating via systemd: service name='org.freedesktop.UDisks2' unit='udisks2.service'
Aug 26 10:59:49 localhost dbus[767]: [system] Successfully activated service 'org.freedesktop.UDisks2'
Aug 26 10:59:49 localhost dbus[767]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Aug 26 10:59:49 localhost org.kde.powerdevil.backlighthelper[767]: no kernel backlight interface found
Aug 26 10:59:49 localhost dbus[767]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Aug 26 10:59:54 localhost dbus[767]: [system] Activating via systemd: service name='org.freedesktop.RealtimeKit1' unit='rtk...ervice'
Aug 26 10:59:55 localhost dbus[767]: [system] Successfully activated service 'org.freedesktop.RealtimeKit1'

CC: (none) => wilcal.int
Whiteboard: (none) => MGA5-32-OK

Comment 10 William Kenney 2017-08-26 20:23:52 CEST 
In VirtualBox, M5.1, KDE, 64-bit

Package(s) under test:
dbus dbus-x11 lib64dbus1_3

default install of dbus dbus-x11 & lib64dbus1_3

[root@localhost wilcal]# urpmi dbus
Package dbus-1.8.20-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi dbus-x11
Package dbus-x11-1.8.20-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbus1_3
Package lib64dbus1_3-1.8.20-1.mga5.x86_64 is already installed

boot system
Boots back to a working desktop and common apps work

[root@localhost wilcal]# systemctl status dbus.service
● dbus.service - D-Bus System Message Bus
   Loaded: loaded (/usr/lib/systemd/system/dbus.service; static)
   Active: active (running) since Sat 2017-08-26 11:10:29 PDT; 5min ago
     Docs: man:dbus-daemon(1)
 Main PID: 777 (dbus-daemon)
   CGroup: /system.slice/dbus.service
           └─777 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation

Aug 26 11:10:46 localhost dbus[777]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service'
Aug 26 11:10:46 localhost dbus[777]: [system] Successfully activated service 'org.freedesktop.PolicyKit1'
Aug 26 11:10:46 localhost dbus[777]: [system] Activating via systemd: service name='org.freedesktop.UDisks2' unit='udisks2.service'
Aug 26 11:10:46 localhost dbus[777]: [system] Successfully activated service 'org.freedesktop.UDisks2'
Aug 26 11:10:46 localhost dbus[777]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Aug 26 11:10:46 localhost org.kde.powerdevil.backlighthelper[777]: no kernel backlight interface found
Aug 26 11:10:47 localhost dbus[777]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Aug 26 11:10:51 localhost dbus[777]: [system] Activating via systemd: service name='org.freedesktop.RealtimeKit1' unit='rtkit-dae...service'
Aug 26 11:10:52 localhost dbus[777]: [system] Successfully activated service 'org.freedesktop.RealtimeKit1'

install dbus dbus-x11 & lib64dbus1_3 from updates_testing

[root@localhost wilcal]# urpmi dbus
Package dbus-1.8.22-1.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi dbus-x11
Package dbus-x11-1.8.22-1.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbus1_3
Package lib64dbus1_3-1.8.22-1.1.mga5.x86_64 is already installed

reboot system
reboots back to a working desktop and common apps work

[root@localhost wilcal]# systemctl status dbus.service
● dbus.service - D-Bus System Message Bus
   Loaded: loaded (/usr/lib/systemd/system/dbus.service; static)
   Active: active (running) since Sat 2017-08-26 11:19:00 PDT; 2min 13s ago
     Docs: man:dbus-daemon(1)
 Main PID: 774 (dbus-daemon)
   CGroup: /system.slice/dbus.service
           └─774 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation

Aug 26 11:19:01 localhost dbus[774]: [system] Successfully activated service 'org.freedesktop.login1'
Aug 26 11:19:16 localhost dbus[774]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' un...rvice'
Aug 26 11:19:16 localhost dbus[774]: [system] Successfully activated service 'org.freedesktop.PolicyKit1'
Aug 26 11:19:16 localhost dbus[774]: [system] Activating via systemd: service name='org.freedesktop.UDisks2' unit=...rvice'
Aug 26 11:19:17 localhost dbus[774]: [system] Successfully activated service 'org.freedesktop.UDisks2'
Aug 26 11:19:17 localhost dbus[774]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using ...elper)
Aug 26 11:19:17 localhost org.kde.powerdevil.backlighthelper[774]: no kernel backlight interface found
Aug 26 11:19:17 localhost dbus[774]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Aug 26 11:19:22 localhost dbus[774]: [system] Activating via systemd: service name='org.freedesktop.RealtimeKit1' ...rvice'
Aug 26 11:19:22 localhost dbus[774]: [system] Successfully activated service 'org.freedesktop.RealtimeKit1'

Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK

Comment 11 William Kenney 2017-08-26 20:24:36 CEST 
This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 12 Lewis Smith 2017-08-26 21:40:28 CEST 
Thanks Bill for testing both architectures - necessary for this update.
Advisoried.

Whiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisory
CC: (none) => lewyssmith

Comment 13 Mageia Robot 2017-08-26 22:36:13 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0310.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED