Headline
RHSA-2022:6608: Red Hat Security Advisory: dbus-broker security update
An update for dbus-broker is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-31212: dbus-broker: a stack buffer over-read if a malicious Exec line is supplied
- CVE-2022-31213: dbus-broker: null pointer reference when supplying a malformed XML config file
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-09-20
Updated:
2022-09-20
RHSA-2022:6608 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: dbus-broker security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for dbus-broker is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for Linux systems, and makes use of many modern features provided by recent Linux kernel releases.
Security Fix(es):
- dbus-broker: a stack buffer over-read if a malicious Exec line is supplied (CVE-2022-31212)
- dbus-broker: null pointer reference when supplying a malformed XML config file (CVE-2022-31213)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2094718 - CVE-2022-31212 dbus-broker: a stack buffer over-read if a malicious Exec line is supplied
- BZ - 2094722 - CVE-2022-31213 dbus-broker: null pointer reference when supplying a malformed XML config file
Red Hat Enterprise Linux for x86_64 9
SRPM
dbus-broker-28-5.1.el9_0.src.rpm
SHA-256: 362f7912aeea109224c3b44eaaa6b817e8cd3c4146ec070eab711879b764be7a
x86_64
dbus-broker-28-5.1.el9_0.x86_64.rpm
SHA-256: 571d7e975b9cca6a248237b5a4c72274b1277ce928da601172f6d8fa2c8df3e7
dbus-broker-debuginfo-28-5.1.el9_0.x86_64.rpm
SHA-256: bc842de18070a3bd3548e6aa7a791c7c4b8b9c25d7b5d94e52797a9bd80f5aa2
dbus-broker-debugsource-28-5.1.el9_0.x86_64.rpm
SHA-256: cdf186eb293b3ae5010137b58ebb66201323667339dff5a8edf02501369e4b6e
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
dbus-broker-28-5.1.el9_0.src.rpm
SHA-256: 362f7912aeea109224c3b44eaaa6b817e8cd3c4146ec070eab711879b764be7a
x86_64
dbus-broker-28-5.1.el9_0.x86_64.rpm
SHA-256: 571d7e975b9cca6a248237b5a4c72274b1277ce928da601172f6d8fa2c8df3e7
dbus-broker-debuginfo-28-5.1.el9_0.x86_64.rpm
SHA-256: bc842de18070a3bd3548e6aa7a791c7c4b8b9c25d7b5d94e52797a9bd80f5aa2
dbus-broker-debugsource-28-5.1.el9_0.x86_64.rpm
SHA-256: cdf186eb293b3ae5010137b58ebb66201323667339dff5a8edf02501369e4b6e
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
dbus-broker-28-5.1.el9_0.src.rpm
SHA-256: 362f7912aeea109224c3b44eaaa6b817e8cd3c4146ec070eab711879b764be7a
s390x
dbus-broker-28-5.1.el9_0.s390x.rpm
SHA-256: 3f02e7f2db5ab4140776399dd0ea86095fe551af2ceef262445fb92f8dc62e15
dbus-broker-debuginfo-28-5.1.el9_0.s390x.rpm
SHA-256: 1705dd9c6156af4e111abcb0c7365e539e59913d761b6eba8f255a37ffada1b4
dbus-broker-debugsource-28-5.1.el9_0.s390x.rpm
SHA-256: 472448d8580e108805151bcec7e36954f817ccf4cae48ab7d060efaa08423bf2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
dbus-broker-28-5.1.el9_0.src.rpm
SHA-256: 362f7912aeea109224c3b44eaaa6b817e8cd3c4146ec070eab711879b764be7a
s390x
dbus-broker-28-5.1.el9_0.s390x.rpm
SHA-256: 3f02e7f2db5ab4140776399dd0ea86095fe551af2ceef262445fb92f8dc62e15
dbus-broker-debuginfo-28-5.1.el9_0.s390x.rpm
SHA-256: 1705dd9c6156af4e111abcb0c7365e539e59913d761b6eba8f255a37ffada1b4
dbus-broker-debugsource-28-5.1.el9_0.s390x.rpm
SHA-256: 472448d8580e108805151bcec7e36954f817ccf4cae48ab7d060efaa08423bf2
Red Hat Enterprise Linux for Power, little endian 9
SRPM
dbus-broker-28-5.1.el9_0.src.rpm
SHA-256: 362f7912aeea109224c3b44eaaa6b817e8cd3c4146ec070eab711879b764be7a
ppc64le
dbus-broker-28-5.1.el9_0.ppc64le.rpm
SHA-256: 553960c2ae15b6513d08e01df762d4b47b4350a9a9774fce8bcad84ff53fcd36
dbus-broker-debuginfo-28-5.1.el9_0.ppc64le.rpm
SHA-256: f54eac4caacd5316e27fede44d638253ef32def9e92bd873c6df642d1c903ed1
dbus-broker-debugsource-28-5.1.el9_0.ppc64le.rpm
SHA-256: d3674e4d112fe4e1690c1051b9bb6f5e658a02973010aa92f07a9153d4742c08
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
dbus-broker-28-5.1.el9_0.src.rpm
SHA-256: 362f7912aeea109224c3b44eaaa6b817e8cd3c4146ec070eab711879b764be7a
ppc64le
dbus-broker-28-5.1.el9_0.ppc64le.rpm
SHA-256: 553960c2ae15b6513d08e01df762d4b47b4350a9a9774fce8bcad84ff53fcd36
dbus-broker-debuginfo-28-5.1.el9_0.ppc64le.rpm
SHA-256: f54eac4caacd5316e27fede44d638253ef32def9e92bd873c6df642d1c903ed1
dbus-broker-debugsource-28-5.1.el9_0.ppc64le.rpm
SHA-256: d3674e4d112fe4e1690c1051b9bb6f5e658a02973010aa92f07a9153d4742c08
Red Hat Enterprise Linux for ARM 64 9
SRPM
dbus-broker-28-5.1.el9_0.src.rpm
SHA-256: 362f7912aeea109224c3b44eaaa6b817e8cd3c4146ec070eab711879b764be7a
aarch64
dbus-broker-28-5.1.el9_0.aarch64.rpm
SHA-256: 04a2e69fe31fdbfb95fbae89d43525ef175976ef9682d83e5a33bfc54db332fe
dbus-broker-debuginfo-28-5.1.el9_0.aarch64.rpm
SHA-256: cef02b487c4aac01d6478fdd3929517f424ac1235125d9515013ecb98aac63e3
dbus-broker-debugsource-28-5.1.el9_0.aarch64.rpm
SHA-256: cdca5c690d0e051a585c38eccd2bb2a7146bcd01da577a84efcf36c3a52eebc4
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
dbus-broker-28-5.1.el9_0.src.rpm
SHA-256: 362f7912aeea109224c3b44eaaa6b817e8cd3c4146ec070eab711879b764be7a
aarch64
dbus-broker-28-5.1.el9_0.aarch64.rpm
SHA-256: 04a2e69fe31fdbfb95fbae89d43525ef175976ef9682d83e5a33bfc54db332fe
dbus-broker-debuginfo-28-5.1.el9_0.aarch64.rpm
SHA-256: cef02b487c4aac01d6478fdd3929517f424ac1235125d9515013ecb98aac63e3
dbus-broker-debugsource-28-5.1.el9_0.aarch64.rpm
SHA-256: cdca5c690d0e051a585c38eccd2bb2a7146bcd01da577a84efcf36c3a52eebc4
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
dbus-broker-28-5.1.el9_0.src.rpm
SHA-256: 362f7912aeea109224c3b44eaaa6b817e8cd3c4146ec070eab711879b764be7a
ppc64le
dbus-broker-28-5.1.el9_0.ppc64le.rpm
SHA-256: 553960c2ae15b6513d08e01df762d4b47b4350a9a9774fce8bcad84ff53fcd36
dbus-broker-debuginfo-28-5.1.el9_0.ppc64le.rpm
SHA-256: f54eac4caacd5316e27fede44d638253ef32def9e92bd873c6df642d1c903ed1
dbus-broker-debugsource-28-5.1.el9_0.ppc64le.rpm
SHA-256: d3674e4d112fe4e1690c1051b9bb6f5e658a02973010aa92f07a9153d4742c08
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
dbus-broker-28-5.1.el9_0.src.rpm
SHA-256: 362f7912aeea109224c3b44eaaa6b817e8cd3c4146ec070eab711879b764be7a
x86_64
dbus-broker-28-5.1.el9_0.x86_64.rpm
SHA-256: 571d7e975b9cca6a248237b5a4c72274b1277ce928da601172f6d8fa2c8df3e7
dbus-broker-debuginfo-28-5.1.el9_0.x86_64.rpm
SHA-256: bc842de18070a3bd3548e6aa7a791c7c4b8b9c25d7b5d94e52797a9bd80f5aa2
dbus-broker-debugsource-28-5.1.el9_0.x86_64.rpm
SHA-256: cdf186eb293b3ae5010137b58ebb66201323667339dff5a8edf02501369e4b6e
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
dbus-broker-28-5.1.el9_0.src.rpm
SHA-256: 362f7912aeea109224c3b44eaaa6b817e8cd3c4146ec070eab711879b764be7a
aarch64
dbus-broker-28-5.1.el9_0.aarch64.rpm
SHA-256: 04a2e69fe31fdbfb95fbae89d43525ef175976ef9682d83e5a33bfc54db332fe
dbus-broker-debuginfo-28-5.1.el9_0.aarch64.rpm
SHA-256: cef02b487c4aac01d6478fdd3929517f424ac1235125d9515013ecb98aac63e3
dbus-broker-debugsource-28-5.1.el9_0.aarch64.rpm
SHA-256: cdca5c690d0e051a585c38eccd2bb2a7146bcd01da577a84efcf36c3a52eebc4
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
dbus-broker-28-5.1.el9_0.src.rpm
SHA-256: 362f7912aeea109224c3b44eaaa6b817e8cd3c4146ec070eab711879b764be7a
s390x
dbus-broker-28-5.1.el9_0.s390x.rpm
SHA-256: 3f02e7f2db5ab4140776399dd0ea86095fe551af2ceef262445fb92f8dc62e15
dbus-broker-debuginfo-28-5.1.el9_0.s390x.rpm
SHA-256: 1705dd9c6156af4e111abcb0c7365e539e59913d761b6eba8f255a37ffada1b4
dbus-broker-debugsource-28-5.1.el9_0.s390x.rpm
SHA-256: 472448d8580e108805151bcec7e36954f817ccf4cae48ab7d060efaa08423bf2
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2022-6608-01 - dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for Linux systems, and makes use of many modern features provided by recent Linux kernel releases. Issues addressed include buffer over-read and null pointer vulnerabilities.
Red Hat Security Advisory 2022-6608-01 - dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for Linux systems, and makes use of many modern features provided by recent Linux kernel releases. Issues addressed include buffer over-read and null pointer vulnerabilities.
An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.
An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.
dbus-broker-29 suffers from multiple memory corruption vulnerabilities. dbus-broker-31 addresses these issues.
dbus-broker-29 suffers from multiple memory corruption vulnerabilities. dbus-broker-31 addresses these issues.