dbus-1-glib-0.108-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10280-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z dbus-1-glib-0.108-2.1 on GA media These are all security issues fixed in the dbus-1-glib-0.108-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10280 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-1172/ SUSE CVE CVE-2010-1172 page https://www.suse.com/security/cve/CVE-2013-0292/ SUSE CVE CVE-2013-0292 page openSUSE Tumbleweed dbus-1-glib-0.108-2.1 dbus-1-glib-32bit-0.108-2.1 dbus-1-glib-devel-0.108-2.1 dbus-1-glib-devel-32bit-0.108-2.1 dbus-1-glib-doc-0.108-2.1 dbus-1-glib-tool-0.108-2.1 dbus-1-glib-0.108-2.1 as a component of openSUSE Tumbleweed dbus-1-glib-32bit-0.108-2.1 as a component of openSUSE Tumbleweed dbus-1-glib-devel-0.108-2.1 as a component of openSUSE Tumbleweed dbus-1-glib-devel-32bit-0.108-2.1 as a component of openSUSE Tumbleweed dbus-1-glib-doc-0.108-2.1 as a component of openSUSE Tumbleweed dbus-1-glib-tool-0.108-2.1 as a component of openSUSE Tumbleweed DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services. CVE-2010-1172 openSUSE Tumbleweed:dbus-1-glib-0.108-2.1 openSUSE Tumbleweed:dbus-1-glib-32bit-0.108-2.1 openSUSE Tumbleweed:dbus-1-glib-devel-0.108-2.1 openSUSE Tumbleweed:dbus-1-glib-devel-32bit-0.108-2.1 openSUSE Tumbleweed:dbus-1-glib-doc-0.108-2.1 openSUSE Tumbleweed:dbus-1-glib-tool-0.108-2.1 moderate 3.6 AV:L/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1172.html CVE-2010-1172 https://bugzilla.suse.com/628607 SUSE Bug 628607 https://bugzilla.suse.com/633621 SUSE Bug 633621 https://bugzilla.suse.com/633622 SUSE Bug 633622 https://bugzilla.suse.com/633623 SUSE Bug 633623 https://bugzilla.suse.com/633629 SUSE Bug 633629 https://bugzilla.suse.com/633637 SUSE Bug 633637 https://bugzilla.suse.com/633639 SUSE Bug 633639 https://bugzilla.suse.com/633648 SUSE Bug 633648 https://bugzilla.suse.com/633652 SUSE Bug 633652 https://bugzilla.suse.com/633653 SUSE Bug 633653 https://bugzilla.suse.com/633654 SUSE Bug 633654 https://bugzilla.suse.com/633658 SUSE Bug 633658 https://bugzilla.suse.com/633660 SUSE Bug 633660 https://bugzilla.suse.com/633678 SUSE Bug 633678 https://bugzilla.suse.com/633679 SUSE Bug 633679 https://bugzilla.suse.com/633681 SUSE Bug 633681 https://bugzilla.suse.com/633682 SUSE Bug 633682 https://bugzilla.suse.com/633685 SUSE Bug 633685 https://bugzilla.suse.com/633686 SUSE Bug 633686 https://bugzilla.suse.com/633700 SUSE Bug 633700 https://bugzilla.suse.com/633701 SUSE Bug 633701 https://bugzilla.suse.com/633702 SUSE Bug 633702 The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal. CVE-2013-0292 openSUSE Tumbleweed:dbus-1-glib-0.108-2.1 openSUSE Tumbleweed:dbus-1-glib-32bit-0.108-2.1 openSUSE Tumbleweed:dbus-1-glib-devel-0.108-2.1 openSUSE Tumbleweed:dbus-1-glib-devel-32bit-0.108-2.1 openSUSE Tumbleweed:dbus-1-glib-doc-0.108-2.1 openSUSE Tumbleweed:dbus-1-glib-tool-0.108-2.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0292.html CVE-2013-0292 https://bugzilla.suse.com/792095 SUSE Bug 792095 https://bugzilla.suse.com/804392 SUSE Bug 804392