Security update for dbus-1 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:2590-1 Final 1 1 2021-08-02T10:53:19Z current 2021-08-02T10:53:19Z 2021-08-02T10:53:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dbus-1 This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a bug where users with the same numeric UID could lead to use-after-free and undefined behaviour. (bsc#1187105) - CVE-2020-12049: Fixed a bug where a truncated messages lead to resource exhaustion. (bsc#1172505) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sles12sp3:latest-2021-2590,HPE-Helion-OpenStack-8-2021-2590,SUSE-2021-2590,SUSE-OpenStack-Cloud-8-2021-2590,SUSE-OpenStack-Cloud-9-2021-2590,SUSE-OpenStack-Cloud-Crowbar-8-2021-2590,SUSE-OpenStack-Cloud-Crowbar-9-2021-2590,SUSE-SLE-SAP-12-SP3-2021-2590,SUSE-SLE-SAP-12-SP4-2021-2590,SUSE-SLE-SERVER-12-SP3-2021-2590,SUSE-SLE-SERVER-12-SP3-BCL-2021-2590,SUSE-SLE-SERVER-12-SP4-LTSS-2021-2590 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20212590-1/ Link for SUSE-SU-2021:2590-1 https://lists.suse.com/pipermail/sle-security-updates/2021-August/009240.html E-Mail link for SUSE-SU-2021:2590-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1172505 SUSE Bug 1172505 https://bugzilla.suse.com/1187105 SUSE Bug 1187105 https://www.suse.com/security/cve/CVE-2020-12049/ SUSE CVE CVE-2020-12049 page https://www.suse.com/security/cve/CVE-2020-35512/ SUSE CVE CVE-2020-35512 page Container suse/sles12sp3:latest HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 libdbus-1-3-1.8.22-29.21.1 dbus-1-1.8.22-29.21.1 dbus-1-x11-1.8.22-29.21.1 libdbus-1-3-32bit-1.8.22-29.21.1 dbus-1-devel-1.8.22-29.21.1 dbus-1-devel-32bit-1.8.22-29.21.1 dbus-1-devel-64bit-1.8.22-29.21.1 dbus-1-devel-doc-1.8.22-29.21.1 dbus-1-nox11-1.8.22-29.21.1 libdbus-1-3-64bit-1.8.22-29.21.1 libdbus-1-3-1.8.22-29.21.1 as a component of Container suse/sles12sp3:latest dbus-1-1.8.22-29.21.1 as a component of HPE Helion OpenStack 8 dbus-1-x11-1.8.22-29.21.1 as a component of HPE Helion OpenStack 8 libdbus-1-3-1.8.22-29.21.1 as a component of HPE Helion OpenStack 8 libdbus-1-3-32bit-1.8.22-29.21.1 as a component of HPE Helion OpenStack 8 dbus-1-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL dbus-1-x11-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libdbus-1-3-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libdbus-1-3-32bit-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL dbus-1-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS dbus-1-x11-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libdbus-1-3-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libdbus-1-3-32bit-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS dbus-1-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS dbus-1-x11-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libdbus-1-3-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libdbus-1-3-32bit-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS dbus-1-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 dbus-1-x11-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libdbus-1-3-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libdbus-1-3-32bit-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 dbus-1-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 dbus-1-x11-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libdbus-1-3-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libdbus-1-3-32bit-1.8.22-29.21.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 dbus-1-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud 8 dbus-1-x11-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud 8 libdbus-1-3-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud 8 libdbus-1-3-32bit-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud 8 dbus-1-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud 9 dbus-1-x11-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud 9 libdbus-1-3-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud 9 libdbus-1-3-32bit-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud 9 dbus-1-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud Crowbar 8 dbus-1-x11-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud Crowbar 8 libdbus-1-3-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud Crowbar 8 libdbus-1-3-32bit-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud Crowbar 8 dbus-1-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud Crowbar 9 dbus-1-x11-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud Crowbar 9 libdbus-1-3-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud Crowbar 9 libdbus-1-3-32bit-1.8.22-29.21.1 as a component of SUSE OpenStack Cloud Crowbar 9 An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. CVE-2020-12049 Container suse/sles12sp3:latest:libdbus-1-3-1.8.22-29.21.1 HPE Helion OpenStack 8:dbus-1-1.8.22-29.21.1 HPE Helion OpenStack 8:dbus-1-x11-1.8.22-29.21.1 HPE Helion OpenStack 8:libdbus-1-3-1.8.22-29.21.1 HPE Helion OpenStack 8:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-BCL:dbus-1-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-BCL:dbus-1-x11-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-BCL:libdbus-1-3-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-BCL:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-LTSS:dbus-1-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-LTSS:dbus-1-x11-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libdbus-1-3-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP4-LTSS:dbus-1-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP4-LTSS:dbus-1-x11-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libdbus-1-3-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:dbus-1-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:dbus-1-x11-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libdbus-1-3-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:dbus-1-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:dbus-1-x11-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libdbus-1-3-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE OpenStack Cloud 8:dbus-1-1.8.22-29.21.1 SUSE OpenStack Cloud 8:dbus-1-x11-1.8.22-29.21.1 SUSE OpenStack Cloud 8:libdbus-1-3-1.8.22-29.21.1 SUSE OpenStack Cloud 8:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE OpenStack Cloud 9:dbus-1-1.8.22-29.21.1 SUSE OpenStack Cloud 9:dbus-1-x11-1.8.22-29.21.1 SUSE OpenStack Cloud 9:libdbus-1-3-1.8.22-29.21.1 SUSE OpenStack Cloud 9:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 8:dbus-1-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 8:dbus-1-x11-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 8:libdbus-1-3-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 8:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 9:dbus-1-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 9:dbus-1-x11-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 9:libdbus-1-3-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 9:libdbus-1-3-32bit-1.8.22-29.21.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212590-1/ https://www.suse.com/security/cve/CVE-2020-12049.html CVE-2020-12049 https://bugzilla.suse.com/1172505 SUSE Bug 1172505 A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors CVE-2020-35512 Container suse/sles12sp3:latest:libdbus-1-3-1.8.22-29.21.1 HPE Helion OpenStack 8:dbus-1-1.8.22-29.21.1 HPE Helion OpenStack 8:dbus-1-x11-1.8.22-29.21.1 HPE Helion OpenStack 8:libdbus-1-3-1.8.22-29.21.1 HPE Helion OpenStack 8:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-BCL:dbus-1-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-BCL:dbus-1-x11-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-BCL:libdbus-1-3-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-BCL:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-LTSS:dbus-1-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-LTSS:dbus-1-x11-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libdbus-1-3-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP4-LTSS:dbus-1-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP4-LTSS:dbus-1-x11-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libdbus-1-3-1.8.22-29.21.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:dbus-1-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:dbus-1-x11-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libdbus-1-3-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:dbus-1-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:dbus-1-x11-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libdbus-1-3-1.8.22-29.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE OpenStack Cloud 8:dbus-1-1.8.22-29.21.1 SUSE OpenStack Cloud 8:dbus-1-x11-1.8.22-29.21.1 SUSE OpenStack Cloud 8:libdbus-1-3-1.8.22-29.21.1 SUSE OpenStack Cloud 8:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE OpenStack Cloud 9:dbus-1-1.8.22-29.21.1 SUSE OpenStack Cloud 9:dbus-1-x11-1.8.22-29.21.1 SUSE OpenStack Cloud 9:libdbus-1-3-1.8.22-29.21.1 SUSE OpenStack Cloud 9:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 8:dbus-1-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 8:dbus-1-x11-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 8:libdbus-1-3-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 8:libdbus-1-3-32bit-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 9:dbus-1-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 9:dbus-1-x11-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 9:libdbus-1-3-1.8.22-29.21.1 SUSE OpenStack Cloud Crowbar 9:libdbus-1-3-32bit-1.8.22-29.21.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212590-1/ https://www.suse.com/security/cve/CVE-2020-35512.html CVE-2020-35512 https://bugzilla.suse.com/1187105 SUSE Bug 1187105 https://bugzilla.suse.com/1189662 SUSE Bug 1189662 https://bugzilla.suse.com/1205052 SUSE Bug 1205052