Update for ImageMagick, ImageMagick.256, Mozilla... security
update for dbus-1, dbus-1-x11
- Submitted by Timo Hoenig (thoenig)
After automatic upgrade of dbus VirtualBox 4.2 can no longer open files
kdesu will not start application
VUL-0: dbus-1: denial of service
dbus-1 session bus connection policy bug / was gnomesu
rcdbus reload doesn't work
dbus-1: setuid binaries need to be position independent
obsolete -XXbit packages during system upgrade
VUL-0: dbus incorrect use of [send|receive]_requested_reply policy rule
VUL-0: libdbus using getenv() in suids
dbus segfaults, leaving the system unusable
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibl
Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method
Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.