SuSE Security Advisory SUSE-SA:2009:013 (dbus-1, hal, NetworkManager, PackageKit, ...)

The remote host is missing updates announced in advisory SUSE-SA:2009:013.

Joachim Breitner discovered that the default DBus system policy was too permissive. In fact the default policy was to allow all calls on the bus. Many services expected that the default was to deny everything and therefore only installed rules that explicitly allow certain calls with the result that intended access control for some services was not applied. The updated DBus package now installs a new policy that denies access by default. Unfortunately some DBus services actually relied on the insecure default setting and break with the new policy. Therefore quite a number of packages is affected by this DBus update. The updated DBus daemon now logs access violations via syslog. If you see log entries about rejected messages of type method_call during normal operation the application that caused it likely needs an updated DBus policy. Please contact the application vendor in this case.

Update your system with the packages as indicated in the referenced security advisory. https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:013