Three security issues fixed upstream in DBus have been announced today (October 6): https://www.openwall.com/lists/oss-security/2022/10/06/1 The issues are fixed upstream in 1.14.4.
Status comment: (none) => Fixed upstream in 1.14.4
which David has already put into Cauldron. Assigning to base system.
Assignee: bugsquad => basesystem
Suggested advisory: ======================== The updated packages fix security vulnerabilities: A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical example. (CVE-2022-42010) An invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element would cause an assertion failure in debug builds or an out-of-bounds read in production builds. (CVE-2022-42011) A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption in production builds, or an assertion failure in debug builds. (CVE-2022-42012) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012 https://www.openwall.com/lists/oss-security/2022/10/06/1 ======================== Updated packages in core/updates_testing: ======================== dbus-1.13.18-3.1.mga8 dbus-doc-1.13.18-3.1.mga8 dbus-x11-1.13.18-3.1.mga8 lib(64)dbus1_3-1.13.18-3.1.mga8 lib(64)dbus-devel-1.13.18-3.1.mga8 from SRPM: dbus-1.13.18-3.1.mga8.src.rpm
Status comment: Fixed upstream in 1.14.4 => (none)Status: NEW => ASSIGNEDAssignee: basesystem => qa-bugsCC: (none) => nicolas.salgueroCVE: (none) => CVE-2022-42010, CVE-2022-42011, CVE-2022-42012
Debian has issued an advisory for this on October 6: https://www.debian.org/security/2022/dsa-5250
MGA8 VM No issues nor error messages in journal... The VM boots normally Sound is normal FF Plays youtube audio For me is OK for MGA8 x86
CC: (none) => neoser10
@Mauricio Please state 32 or 64 bit, and what desktop and login manager you use. @ all testers Please test logging out and in again. --- mga8-64, Plasma, SDDM, nvidia-current, kernel 5.15.65-desktop-1.mga8, old intel i7 Updated to - dbus-1.13.18-3.1.mga8.x86_64 - dbus-x11-1.13.18-3.1.mga8.x86_64 - lib64dbus1_3-1.13.18-3.1.mga8.x86_64 and rebooted. All seemed to go well until I logged out and log in: The progress slider stops at half. Mouse pointer works. After unusual long time the plasma login sound plays. Waited minutes, no desktop. This system have always had problems to get to terminal screens (i.e Ctrl-Alt-F2) so I could not investigate that way. ctrl-alt-backspace x2 got me back to login. Tried logging in again, and this time login sound play immediately, but still no desktop and progress bar stuck at half. ctrl-alt-backspace back to login, and this time i chose to reboot. That also fail, with black screen. Ctrl-Alt-del x2 brought it down. After the reboot I could repeat the problem exactly. I know it usually works to log out and log in. Comparing the journal from before update, there following are the more lines containing "failed": okt 08 14:48:04 svarten.tribun kglobalaccel5[103542]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:48:05 svarten.tribun kglobalaccel5[103552]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:48:05 svarten.tribun kglobalaccel5[103601]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:48:05 svarten.tribun kglobalaccel5[103607]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:48:05 svarten.tribun kglobalaccel5[103610]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:50:13 svarten.tribun kglobalaccel5[135536]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:50:14 svarten.tribun kglobalaccel5[135569]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:50:14 svarten.tribun pulseaudio[132622]: Failed to load module "module-x11-xsmp" (argument: "display=:0 xauthority=/home/morgan/.Xauthority session_manager=local/svarten.tribun:@/tmp/.ICE-unix/108510,unix/svarten.tribun:/tmp/.ICE-unix/108510"): initialization failed. okt 08 14:50:14 svarten.tribun kglobalaccel5[135590]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:50:14 svarten.tribun kglobalaccel5[135609]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:50:15 svarten.tribun konsole[135613]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:50:17 svarten.tribun dolphin[135617]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:50:19 svarten.tribun ktorrent[135621]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:50:23 svarten.tribun sirikali[135627]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:50:28 svarten.tribun pulseaudio[135591]: GetManagedObjects() failed: org.freedesktop.DBus.Error.TimedOut: Failed to activate service 'org.bluez': timed out (service_start_timeout=25000ms) okt 08 14:50:28 svarten.tribun kwalletd5[135670]: Wallet failed to get opened by PAM, error code is -9 okt 08 14:50:28 svarten.tribun plasma_session[135778]: org.kde.plasma.session: failed to parse "/etc/xdg/autostart/xapp-sn-watcher.desktop" for autostart okt 08 14:50:28 svarten.tribun org_kde_powerdevil[135882]: org.kde.powerdevil: org.kde.powerdevil.chargethresholdhelper.getthreshold failed "Charge thresholds not supported" okt 08 14:50:28 svarten.tribun org_kde_powerdevil[135882]: org.kde.powerdevil: org.kde.powerdevil.backlighthelper.brightness failed okt 08 14:50:28 svarten.tribun org_kde_powerdevil[135882]: org.kde.powerdevil: org.kde.powerdevil.chargethresholdhelper.getthreshold failed "Charge thresholds not supported" okt 08 14:52:10 svarten.tribun kglobalaccel5[157325]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:52:11 svarten.tribun kglobalaccel5[157433]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:52:11 svarten.tribun kglobalaccel5[157459]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:52:11 svarten.tribun kglobalaccel5[157467]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:52:12 svarten.tribun kglobalaccel5[157471]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:52:25 svarten.tribun kglobalaccel5[157478]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:52:25 svarten.tribun kglobalaccel5[157482]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:52:25 svarten.tribun kglobalaccel5[157485]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:52:25 svarten.tribun kglobalaccel5[157488]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. okt 08 14:52:25 svarten.tribun kglobalaccel5[157491]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.
CC: (none) => fri
@Morgan Thanks for show my error in the report Is a MGA8 x86 VM This machine has LXDE DE The Desktop works as usual, reboot without issues Journal does not show warnings
(In reply to Mauricio Andrés Bustamante Viveros from comment #6) Thank you for the clarifications > reboot without issues For me too. But my system experience problems when logging in after logging out ( *without* rebooting) Could you try that?
Installed the update using qarep in a vb guest snapshot. Ignored the message "You should restart your computer for dbus", and just logged out. Login again was ok. No unusual messages in the journal and everything appears to be working. Validating the update. Advisory committed to svn.
Whiteboard: (none) => MGA8-64-OKKeywords: (none) => advisory, validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0365.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
I am not convenient this slipped out with so little tests despite the regression on my system.
I chose to let it through as it does inform the user they should reboot. Sorry, going back and reading your comment again, I realize I missed the line "After the reboot I could repeat the problem exactly.". The description for kglobalaccel is "KDE Framework 5 Tier 1 integration module for global shortcuts". Searching on the error message, the most common cause is file corruption, hence the suggestion to reinstall the application. Check dmesg for any i/o errors, and try re-installing with "urpmi --replacepkgs --replacefiles kglobalaccel dbus".
You scared me there - I hate file corruption. Replaced packages, rebooted: still problems. And BTW I also wrote I rebooted even before first test. But iterating tests now show the problem is not always hitting, so maybe some timing that may trig. Example: It seem more suspectible if I leave BOINC crunching on all cores, and more programs running (I.e Firefox, that lost memory of open tabs). I guess it fail shitting down applications and processes cleanly, which in turn make problems when logging in again and restoring. One try I waited a minute for desktop to appear, having only the progress bar and mouse pointer I double clicked and desktop appeared, but some windows was not drawn fully, but some programs operative, including plasma logout worked. Logged out then in and all is OK since then and i am writing this. So not a large problem, but rather a tendency. On my system. It is no life support system anyway... Who other have tried, as I asked in Comment 5, to log out and in again? Preferably repetitively.