{"affected":[{"ecosystem_specific":{"binaries":[{"dbus-1":"1.8.22-22.2","dbus-1-x11":"1.8.22-22.2","libdbus-1-3":"1.8.22-22.2","libdbus-1-3-32bit":"1.8.22-22.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"dbus-1","purl":"pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.22-22.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"dbus-1":"1.8.22-22.2","dbus-1-x11":"1.8.22-22.2","libdbus-1-3":"1.8.22-22.2","libdbus-1-3-32bit":"1.8.22-22.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"dbus-1-x11","purl":"pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.22-22.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"dbus-1-devel":"1.8.22-22.2","dbus-1-devel-doc":"1.8.22-22.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP1","name":"dbus-1","purl":"pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.22-22.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"dbus-1-devel":"1.8.22-22.2","dbus-1-devel-doc":"1.8.22-22.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP1","name":"dbus-1-x11","purl":"pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.22-22.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"dbus-1":"1.8.22-22.2","dbus-1-x11":"1.8.22-22.2","libdbus-1-3":"1.8.22-22.2","libdbus-1-3-32bit":"1.8.22-22.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1","name":"dbus-1","purl":"pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.22-22.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"dbus-1":"1.8.22-22.2","dbus-1-x11":"1.8.22-22.2","libdbus-1-3":"1.8.22-22.2","libdbus-1-3-32bit":"1.8.22-22.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1","name":"dbus-1-x11","purl":"pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.22-22.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"dbus-1":"1.8.22-22.2","dbus-1-x11":"1.8.22-22.2","libdbus-1-3":"1.8.22-22.2","libdbus-1-3-32bit":"1.8.22-22.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"dbus-1","purl":"pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.22-22.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"dbus-1":"1.8.22-22.2","dbus-1-x11":"1.8.22-22.2","libdbus-1-3":"1.8.22-22.2","libdbus-1-3-32bit":"1.8.22-22.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"dbus-1-x11","purl":"pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.22-22.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for dbus-1 to version 1.8.22 fixes one security issue and bugs.\n\nThe following security issue was fixed:\n\n- bsc#1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string.\n\nThe following upstream changes are included:\n\n- Change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus.\n- Fix a memory leak when GetConnectionCredentials() succeeds (fdo#91008)\n- Ensure that dbus-monitor does not reply to messages intended for others (fdo#90952)\n- Add locking to DBusCounter's reference count and notify function (fdo#89297)\n- Ensure that DBusTransport's reference count is protected by the corresponding DBusConnection's lock (fdo#90312)\n- Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms (fdo#90021)\n- Correctly initialize all fields of DBusTypeReader (fdo#90021)\n- Fix some missing \\n in verbose (debug log) messages (fdo#90004)\n- Clean up some memory leaks in test code (fdo#90021)\n","id":"SUSE-SU-2016:2565-1","modified":"2016-10-19T09:20:25Z","published":"2016-10-19T09:20:25Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162565-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1003898"}],"related":[],"summary":"Security update for dbus-1","upstream":[]}