Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
SuSE Security Advisory SUSE-SA:2009:013 (dbus-1, hal, NetworkManager, PackageKit, ...)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing updates announced in advisory SUSE-SA:2009:013.
Insight
Insight
Joachim Breitner discovered that the default DBus system policy was too permissive. In fact the default policy was to allow all calls on the bus. Many services expected that the default was to deny everything and therefore only installed rules that explicitly allow certain calls with the result that intended access control for some services was not applied. The updated DBus package now installs a new policy that denies access by default. Unfortunately some DBus services actually relied on the insecure default setting and break with the new policy. Therefore quite a number of packages is affected by this DBus update. The updated DBus daemon now logs access violations via syslog. If you see log entries about rejected messages of type method_call during normal operation the application that caused it likely needs an updated DBus policy. Please contact the application vendor in this case.
Solution
Solution
Update your system with the packages as indicated in the referenced security advisory. https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:013