Security Advisory Details

NS-SA-2024-0062

2024-09-03 09:34:50

Summary

important: dbus/systemd security update

Severity

important

Topic

An update for dbus/systemd is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

dbus:
systemd:


Security Fix(es):
dbus: An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or the outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using a monitoring client such as dbus-monitor or busctl monitor, then an unprivileged local user with the ability to connect to the same dbus-daemon could send a specially crafted request, causing the dbus-daemon to crash and resulting in a denial of service under some circumstances. (CVE-2023-34969)
dbus: bugfix
systemd: A use-after-free vulnerability was found in systemd. This issue occurs because the on_stream_io() and dns_stream_complete() functions in 'resolved-dns-stream.c' do not increment the reference count of the DnsStream object. Other functions and callbacks can therefore dereference the DnsStream object after it has been freed, causing a use-after-free when the reference is used later. (CVE-2022-2526)
systemd: A vulnerability was found in the systemd package. The systemd package does not adequately block local privilege escalation for some Sudo configurations, for example, plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This issue presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. (CVE-2023-26604)
systemd: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.F2B12.

Affected Components

  • dbus
  • systemd

Affected Products

  • CGSL MAIN 6.02

Update Packages

CGSL MAIN 6.02

dbus (source: dbus-1.12.8-10.el8_2.cgslv6_2.8.g054773e.src.rpm)

  • dbus-1.12.8-10.el8_2.cgslv6_2.8.g054773e.x86_64.rpm
  • dbus-tools-1.12.8-10.el8_2.cgslv6_2.8.g054773e.x86_64.rpm
  • dbus-x11-1.12.8-10.el8_2.cgslv6_2.8.g054773e.x86_64.rpm
  • dbus-daemon-1.12.8-10.el8_2.cgslv6_2.8.g054773e.x86_64.rpm
  • dbus-common-1.12.8-10.el8_2.cgslv6_2.8.g054773e.noarch.rpm
  • dbus-devel-1.12.8-10.el8_2.cgslv6_2.8.g054773e.x86_64.rpm
  • dbus-libs-1.12.8-10.el8_2.cgslv6_2.8.g054773e.x86_64.rpm

systemd (source: systemd-239-45.el8_4.2.cgslv6_2.21.gd25af2b.src.rpm)

  • systemd-devel-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64.rpm
  • systemd-container-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64.rpm
  • systemd-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64.rpm
  • systemd-pam-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64.rpm
  • systemd-libs-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64.rpm
  • systemd-udev-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64.rpm
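The package list above is what an administrator compares against `rpm -qa` to decide whether a host still needs this update. The following script is an added example, not part of the NewStart advisory or its tooling: it embeds the advisory's own fix data, parses name/version/release/arch out of RPM file names, and applies the RPM version-comparison rule (numeric segments compared as numbers, alphabetic segments lexically, numbers ranking above letters) to report installed packages that are older than the fixed build. The `rpm -qa` output it consumes is a constructed sample; the git-hash parts of the "installed" versions are placeholders, and epochs are ignored because the advisory lists none.

```python
"""Report installed RPMs that are older than the fixed builds in an advisory.

Added example (not NewStart code). Real usage: feed it the output of
    rpm -qa
which prints one NAME-VERSION-RELEASE.ARCH line per installed package.
"""
import json
import re

# Fix list copied from advisory NS-SA-2024-0062 (CGSL MAIN 6.02).
ADVISORY_FIX_JSON = """
{"fix": [{"product": "CGSL MAIN 6.02", "pkgs": [
  {"binary": ["dbus-1.12.8-10.el8_2.cgslv6_2.8.g054773e.x86_64.rpm",
              "dbus-tools-1.12.8-10.el8_2.cgslv6_2.8.g054773e.x86_64.rpm",
              "dbus-x11-1.12.8-10.el8_2.cgslv6_2.8.g054773e.x86_64.rpm",
              "dbus-daemon-1.12.8-10.el8_2.cgslv6_2.8.g054773e.x86_64.rpm",
              "dbus-common-1.12.8-10.el8_2.cgslv6_2.8.g054773e.noarch.rpm",
              "dbus-devel-1.12.8-10.el8_2.cgslv6_2.8.g054773e.x86_64.rpm",
              "dbus-libs-1.12.8-10.el8_2.cgslv6_2.8.g054773e.x86_64.rpm"],
   "source": "dbus-1.12.8-10.el8_2.cgslv6_2.8.g054773e.src.rpm"},
  {"binary": ["systemd-devel-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64.rpm",
              "systemd-container-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64.rpm",
              "systemd-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64.rpm",
              "systemd-pam-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64.rpm",
              "systemd-libs-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64.rpm",
              "systemd-udev-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64.rpm"],
   "source": "systemd-239-45.el8_4.2.cgslv6_2.21.gd25af2b.src.rpm"}]}]}
"""

# Constructed sample of `rpm -qa` output; the g1234567/gabcdef0 hashes are
# placeholders standing in for an older CGSL build, not real package names.
SAMPLE_RPM_QA = """\
dbus-1.12.8-10.el8_2.cgslv6_2.7.g1234567.x86_64
dbus-libs-1.12.8-10.el8_2.cgslv6_2.7.g1234567.x86_64
dbus-common-1.12.8-10.el8_2.cgslv6_2.8.g054773e.noarch
systemd-239-45.el8_4.2.cgslv6_2.20.gabcdef0.x86_64
systemd-libs-239-45.el8_4.2.cgslv6_2.21.gd25af2b.x86_64
bash-4.4.20-1.el8.x86_64
"""

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings the way rpm does (simplified:
    no '~' / '^' handling). Returns -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)          # numeric: compare as integers
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit():
            return 1                         # a number outranks letters
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1        # alpha: lexical comparison
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # longer string wins


def compare_vr(installed: tuple, fixed: tuple) -> int:
    """Compare (version, release) tuples: version first, then release."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c != 0 else rpmvercmp(installed[1], fixed[1])


def parse_nvra(pkg: str) -> tuple:
    """Split 'name-version-release.arch' into its four parts. Version and
    release never contain '-', so splitting from the right is safe."""
    nvr, _, arch = pkg.rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def fixed_versions(fix_json: str = ADVISORY_FIX_JSON) -> dict:
    """Map (name, arch) -> (version, release) for every binary RPM in the fix list."""
    fixed = {}
    for product in json.loads(fix_json)["fix"]:
        for pkg in product["pkgs"]:
            for binary in pkg["binary"]:
                name, ver, rel, arch = parse_nvra(binary.removesuffix(".rpm"))
                fixed[(name, arch)] = (ver, rel)
    return fixed


def outdated_packages(rpm_qa_text: str, fix_json: str = ADVISORY_FIX_JSON) -> list:
    """Return [(name, installed_vr, fixed_vr)] for installed packages the
    advisory covers that are older than the fixed build."""
    fixed = fixed_versions(fix_json)
    findings = []
    for line in rpm_qa_text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, ver, rel, arch = parse_nvra(line)
        target = fixed.get((name, arch))
        if target and compare_vr((ver, rel), target) < 0:
            findings.append((name, f"{ver}-{rel}", "-".join(target)))
    return findings


if __name__ == "__main__":
    for name, have, want in outdated_packages(SAMPLE_RPM_QA):
        print(f"{name}: installed {have}, advisory fixes {want}")
```

Packages that are not in the advisory (bash in the sample) are ignored, and packages already at the fixed build (dbus-common, systemd-libs in the sample) are not reported; only the three older builds come back. To apply it to a real host, replace `SAMPLE_RPM_QA` with the captured output of `rpm -qa`.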

CVE

References