Security issues fixed upstream in DBus have been announced today (September 16): http://openwall.com/lists/oss-security/2014/09/16/9 Mageia 3 and Mageia 4 are also affected. The issues are fixed upstream in 1.6.24 and 1.8.8. Thomas, is DBus 1.6 going to be supported for two more years, or should we update Cauldron to 1.8.8? Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO, MGA3TOO
Debian has issued an advisory for this on September 16: https://www.debian.org/security/2014/dsa-3026
URL: (none) => http://lwn.net/Vulnerabilities/612237/
Cauldron updated to 1.6.24
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOOHardware: i586 => AllVersion: Cauldron => 4
Advisory: Updated dbus packages fixes the following security issues: Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon: On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution (CVE-2014-3635). A denial-of-service vulnerability in dbus-daemon allowed local attackers to prevent new connections to dbus-daemon, or disconnect existing clients, by exhausting descriptor limits (CVE-2014-3636). Malicious local users could create D-Bus connections to dbus-daemon which could not be terminated by killing the participating processes, resulting in a denial-of-service vulnerability (CVE-2014-3637). dbus-daemon suffered from a denial-of-service vulnerability in the code which tracks which messages expect a reply, allowing local attackers to reduce the performance of dbus-daemon (CVE-2014-3638). dbus-daemon did not properly reject malicious connections from local users, resulting in a denial-of-service vulnerability (CVE-2014-3639). References: http://openwall.com/lists/oss-security/2014/09/16/9 https://www.debian.org/security/2014/dsa-3026 Mga4: SRPMS: dbus-1.6.18-1.4.mga4.src.rpm i586: dbus-1.6.18-1.4.mga4.i586.rpm dbus-doc-1.6.18-1.4.mga4.noarch.rpm dbus-x11-1.6.18-1.4.mga4.i586.rpm libdbus1_3-1.6.18-1.4.mga4.i586.rpm libdbus-devel-1.6.18-1.4.mga4.i586.rpm x86_64: dbus-1.6.18-1.4.mga4.x86_64.rpm dbus-doc-1.6.18-1.4.mga4.noarch.rpm dbus-x11-1.6.18-1.4.mga4.x86_64.rpm lib64dbus1_3-1.6.18-1.4.mga4.x86_64.rpm lib64dbus-devel-1.6.18-1.4.mga4.x86_64.rpm Mga3: SRPMS: dbus-1.6.8-4.5.mga3.src.rpm i586: dbus-1.6.8-4.5.mga3.i586.rpm dbus-doc-1.6.8-4.5.mga3.noarch.rpm dbus-x11-1.6.8-4.5.mga3.i586.rpm libdbus1_3-1.6.8-4.5.mga3.i586.rpm libdbus-devel-1.6.8-4.5.mga3.i586.rpm x86_64: dbus-1.6.8-4.5.mga3.x86_64.rpm dbus-doc-1.6.8-4.5.mga3.noarch.rpm dbus-x11-1.6.8-4.5.mga3.x86_64.rpm lib64dbus1_3-1.6.8-4.5.mga3.x86_64.rpm lib64dbus-devel-1.6.8-4.5.mga3.x86_64.rpm
Severity: normal => majorAssignee: tmb => qa-bugs
No specific PoC's so just testing function. This is an inter process message bus. To test, just ensure everything still works ok with the updates installed (and possibly rebooted). Any issues should be evident in general desktop use. You can also monitor it in action with 'dbus-monitor'
Whiteboard: MGA3TOO => MGA3TOO has_procedure
I'm not seeing the new files in mirrors.kernel.org updates_testing yet
CC: (none) => wilcal.int
(In reply to William Kenney from comment #5) > I'm not seeing the new files in mirrors.kernel.org updates_testing yet Yes. kernel.org is doing infra work to add more mirrors, and it seems the 2 older mirror hosts are not syncing at this time :/ You better choose another mirror for now
CC: (none) => tmb
Testing mga4 64 After reboot no errors in the journal. I'll use it for a while and see if anything untoward happens before adding an OK. # journalctl -b -a | grep -i dbus
In VirtualBox, M4, KDE, 32-bit Package(s) under test: dbus default install of dbus [root@localhost wilcal]# urpmi dbus Package dbus-1.6.18-1.3.mga4.i586 is already installed boot system Boots back to a working desktop and common apps work [root@localhost wilcal]# systemctl status dbus.service dbus.service - D-Bus System Message Bus Loaded: loaded (/usr/lib/systemd/system/dbus.service; static) Active: active (running) since Tue 2014-09-30 08:29:53 PDT; 7min ago Main PID: 662 (dbus-daemon) CGroup: /system.slice/dbus.service ââ662 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation install dbus from updates_testing [root@localhost wilcal]# urpmi dbus Package dbus-1.6.18-1.4.mga4.i586 is already installed reboot system reboots back to a working desktop and common apps work [root@localhost wilcal]# systemctl status dbus.service dbus.service - D-Bus System Message Bus Loaded: loaded (/usr/lib/systemd/system/dbus.service; static) Active: active (running) since Tue 2014-09-30 09:48:35 PDT; 2min 47s ago Main PID: 694 (dbus-daemon) CGroup: /system.slice/dbus.service ââ694 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
In VirtualBox, M4, KDE, 64-bit Package(s) under test: dbus boot system Boots to a working desktop and common apps work default install of dbus [root@localhost wilcal]# urpmi dbus Package dbus-1.6.18-1.3.mga4.x86_64 is already installed [root@localhost wilcal]# systemctl status dbus.service dbus.service - D-Bus System Message Bus Loaded: loaded (/usr/lib/systemd/system/dbus.service; static) Active: active (running) since Tue 2014-09-30 09:57:40 PDT; 6min ago Main PID: 712 (dbus-daemon) CGroup: /system.slice/dbus.service ââ712 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation install dbus from updates_testing reboot system reboots back to a working desktop and common apps work [root@localhost wilcal]# urpmi dbus Package dbus-1.6.18-1.4.mga4.x86_64 is already installed [root@localhost wilcal]# systemctl status dbus.service dbus.service - D-Bus System Message Bus Loaded: loaded (/usr/lib/systemd/system/dbus.service; static) Active: active (running) since Tue 2014-09-30 10:07:37 PDT; 4min 56s ago Main PID: 693 (dbus-daemon) CGroup: /system.slice/dbus.service ââ693 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
In VirtualBox, M3, KDE, 32-bit Package(s) under test: dbus default install of dbus boot system Boots to a working desktop and common apps work root@localhost wilcal]# urpmi dbus Package dbus-1.6.8-4.4.mga3.i586 is already installed [root@localhost wilcal]# systemctl status dbus.service dbus.service - D-Bus System Message Bus Loaded: loaded (/usr/lib/systemd/system/dbus.service; static) Active: active (running) since Tue, 2014-09-30 10:18:57 PDT; 4min 7s ago Main PID: 806 (dbus-daemon) CGroup: name=systemd:/system/dbus.service â 806 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation install dbus from updates_testing reboot system reboots back to a working desktop and common apps work [root@localhost wilcal]# urpmi dbus Package dbus-1.6.8-4.5.mga3.i586 is already installed [root@localhost wilcal]# systemctl status dbus.service dbus.service - D-Bus System Message Bus Loaded: loaded (/usr/lib/systemd/system/dbus.service; static) Active: active (running) since Tue, 2014-09-30 10:25:45 PDT; 2min 53s ago Main PID: 820 (dbus-daemon) CGroup: name=systemd:/system/dbus.service â 820 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
In VirtualBox, M3, KDE, 64-bit Package(s) under test: dbus default install of dbus boot system Boots to a working desktop and common apps work [root@localhost wilcal]# urpmi dbus Package dbus-1.6.8-4.4.mga3.x86_64 is already installed [root@localhost wilcal]# systemctl status dbus.service dbus.service - D-Bus System Message Bus Loaded: loaded (/usr/lib/systemd/system/dbus.service; static) Active: active (running) since Tue, 2014-09-30 10:39:37 PDT; 3min 44s ago Main PID: 842 (dbus-daemon) CGroup: name=systemd:/system/dbus.service â 842 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation install dbus from updates_testing reboot system reboots back to a working desktop and common apps work [root@localhost wilcal]# urpmi dbus Package dbus-1.6.8-4.5.mga3.x86_64 is already installed [root@localhost wilcal]# systemctl status dbus.service dbus.service - D-Bus System Message Bus Loaded: loaded (/usr/lib/systemd/system/dbus.service; static) Active: active (running) since Tue, 2014-09-30 10:46:32 PDT; 2min 30s ago Main PID: 903 (dbus-daemon) CGroup: name=systemd:/system/dbus.service â 903 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activat... Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Testing on Mageia4-32 (real H/W) Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz NVIDIA GM107 [GeForce GTX 750] RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller 8 Series/C220 Series Chipset High Definition Audio Controller With dbus 1.6.18-1.3 # journalctl -b -a | grep -i dbus no errors With dbus 1.6.18-1.4 # journalctl -b -a | grep -i dbus no errors # systemctl -l status dbus.service dbus.service - D-Bus System Message Bus Loaded: loaded (/usr/lib/systemd/system/dbus.service; static) Active: active (running) since mar. 2014-09-30 20:04:46 CEST; 13min ago Main PID: 1079 (dbus-daemon) CGroup: /system.slice/dbus.service ââ1079 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation For now, everything work as usual.
CC: (none) => olchal
Testing on Mageia4-64 (real H/W) Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz NVIDIA GM107 [GeForce GTX 750] RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller 8 Series/C220 Series Chipset High Definition Audio Controller With dbus 1.6.18-1.3 # journalctl -b -a | grep -i dbus One error : sept. 30 21:18:53 localhost.localdomain systemd[7894]: Failed to open private bus connection: Failed to connect to socket /run/user/500/dbus/user_bus_socket: No such file or directory With dbus 1.6.18-1.4 # journalctl -b -a | grep -i dbus Same error : sept. 30 21:29:42 localhost.localdomain systemd[7917]: Failed to open private bus connection: Failed to connect to socket /run/user/500/dbus/user_bus_socket: No such file or directory # systemctl -l status dbus.service dbus.service - D-Bus System Message Bus Loaded: loaded (/usr/lib/systemd/system/dbus.service; static) Active: active (running) since mar. 2014-09-30 21:29:27 CEST; 8min ago Main PID: 4826 (dbus-daemon) CGroup: /system.slice/dbus.service ââ4826 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation I don't know about the "Failed to open private bus connection", I have it with either version. Nevertheless, everything works fine on usual desktop activity.
Testing MGA4 x64 real hardware with AMD/ATI/Radeon video While I am writing from the latest 3.12 desktop kernel, for which this update goes unnoticed = OK, it *did* have an effect on the two 3.14 (desktop & server) kernels which I have previously had working (not without fglrx hassle), but which no longer do. It is an fglrx thing: they now complain on startup, *after* the graphical login, that they need the equivalent development kernel; and simply stop showing the basic Mageia graphical background - with no virtual consoles. Any way I can look into this regression?
CC: (none) => lewyssmith
Testing on 64bit real hardware - Mate 3.14.19-desktop-1.mga4 [root@vega ~]# urpmi dbus Package dbus-1.6.18-1.4.mga4.x86_64 is already installed [root@vega ~]# urpmi lib64dbus-devel rsync://www.mirrorservice.org/mageia.org/pub/mageia/distrib/4/x86_64/media/core/updates_testing/lib64dbus-devel-1.6.18-1.4.mga4.x86_64.rpm installing lib64dbus-devel-1.6.18-1.4.mga4.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ############################################# 1/1: lib64dbus-devel ############################################# journalctl -b -a | grep -i dbus systemd service activation messages intermingled with a few failures: Sep 30 21:55:30 vega systemd[3702]: Failed to open private bus connection: Failed to connect to socket /run/user/500/dbus/user_bus_socket: No such file or directory Three repeats of this: Sep 30 21:55:33 vega dbus[1188]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.NetworkManager.service': Unit dbus-org.freedesktop.NetworkManager.service failed to load: No such file or directory. [root@vega ~]# systemctl status dbus.service dbus.service - D-Bus System Message Bus Loaded: loaded (/usr/lib/systemd/system/dbus.service; static) Active: active (running) since Tue 2014-09-30 21:55:18 BST; 24min ago Main PID: 1188 (dbus-daemon) CGroup: /system.slice/dbus.service ââ1188 /usr/bin/dbus-daemon --system --address=systemd: --nofork -... Sep 30 21:55:33 vega dbus[1188]: [system] Activating via systemd: service n...e' Sep 30 21:55:33 vega dbus[1188]: [system] Activation via systemd failed for...y. Sep 30 21:55:33 vega dbus[1188]: [system] Activating via systemd: service n...e' Sep 30 21:55:33 vega dbus[1188]: [system] Activation via systemd failed for...y. Sep 30 21:55:33 vega dbus[1188]: [system] Activating via systemd: service n...e' Sep 30 21:55:33 vega dbus[1188]: [system] Activation via systemd failed for...y. Sep 30 21:55:33 vega dbus[1188]: [system] Activating via systemd: service n...e' Sep 30 21:55:33 vega dbus[1188]: [system] Activation via systemd failed for...y. Sep 30 21:55:33 vega dbus[1188]: [system] Activating service name='org.mate...r) Sep 30 21:55:33 vega dbus[1188]: [system] Successfully activated service 'o...m' Hint: Some lines were ellipsized, use -l to show in full. The failures referred to NetworkManager. The system rebooted smoothly and all applications tested worked fine. Hardware: Intel Core i7-4790K 4.0GHz nVidia GeForce GTX 770 2GB DRAM 16GB
CC: (none) => tarazed25
(In reply to Len Lawrence from comment #15) > Testing on 64bit real hardware - Mate > > journalctl -b -a | grep -i dbus > systemd service activation messages intermingled with a few failures: > > Three repeats of this: > Sep 30 21:55:33 vega dbus[1188]: [system] Activation via systemd failed for > unit 'dbus-org.freedesktop.NetworkManager.service': Unit > dbus-org.freedesktop.NetworkManager.service failed to load: No such file or > directory. > I had the same failures on Mageia4-32 before enabling NetworkManager (# systemctl enable NetworkManager.service)
Understood, thanks Olivier. I did assume that the failures were not relevant.
Adding OK's for mga4 32 & 64 Several boots and some brief tests on mga3 32 and 64 seem ok too so I'll add those later if nobody objects.
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga4-32-ok mga4-64-ok
Whiteboard: MGA3TOO has_procedure mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
Validating. Advisory uploaded. Could sysadmin please push to 3 & 4 updates Thanks
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-okKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0395.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
Laptop with MGA4 i586 : I have a problem with this update : KDE alerts after a few minutes about powermanagement failure. Watching logs, upower service do not start anymore! ------------------ systemctl status upower.service upower.service - Daemon for power management Loaded: loaded (/usr/lib/systemd/system/upower.service; enabled) Active: failed (Result: signal) since Qua 2014-10-08 10:52:06 CEST; 35min ago Docs: man:upowerd(8) Process: 756 ExecStart=/usr/libexec/upowerd (code=killed, signal=TRAP) Main PID: 756 (code=killed, signal=TRAP) CGroup: /system.slice/upower.service Out 08 10:52:06 celeron.homelinuxserver.org upowerd[756]: (upowerd:756): UPower-ERROR **: failed to get pokit authority: Error init...ed out Out 08 10:52:06 celeron.homelinuxserver.org systemd[1]: upower.service: main process exited, code=killed, status=5/TRAP Out 08 10:52:06 celeron.homelinuxserver.org systemd[1]: Failed to start Daemon for power management. Out 08 10:52:06 celeron.homelinuxserver.org systemd[1]: Unit upower.service entered failed state. Hint: Some lines were ellipsized, use -l to show in full.
Resolution: FIXED => (none)Status: RESOLVED => REOPENEDCC: (none) => lists.jjorge
Please do not reopen a validated update, but rather create a new bug report related to this one.
CC: (none) => stormiResolution: (none) => FIXEDStatus: REOPENED => RESOLVED
I mean, a validated update which was pushed already to the repositories (ie too late to stop it)
I created #14249, but I don't know how to relate this bug to it.
Blocks: (none) => 14249
Blocks: (none) => 14251