Security update for dbus-1
This update fixes the following security issues:
* CVE-2014-8148:
- Do not allow calls to UpdateActivationEnvironment from uids
other than the uid of the dbus-daemon. If a system service
installs unsafe security policy rules that allow arbitrary
method calls (such as CVE-2014-8148) then this prevents
memory consumption and possible privilege escalation via
UpdateActivationEnvironment.
* CVE-2012-3524: Don't access environment variables (bnc#912016)
-
Submitted by
Fridrich Strba (fstrba)
Fixed bugs
bnc#912016
VUL-0: CVE-2012-3524: dbus: privilege escalation when libdbus is used in setuid/setgid application
