
debcrafters-packages team mailing list archive

[Bug 2061155] Re: Use-after-close vulnerability in dbus-broker 35. Please upgrade package to 36


Hello XA, or anyone else affected,

Accepted dbus-broker into noble-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/dbus-broker/35-2ubuntu0.1 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from
verification-needed-noble to verification-done-noble. If it does not fix
the bug for you, please add a comment stating that, and change the tag
to verification-failed-noble. In either case, without details of your
testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: dbus-broker (Ubuntu Noble)
       Status: Confirmed => Fix Committed

** Tags added: verification-needed verification-needed-noble

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to dbus-broker in Ubuntu.
https://bugs.launchpad.net/bugs/2061155

Title:
  Use-after-close vulnerability in dbus-broker 35. Please upgrade
  package to 36

Status in dbus-broker package in Ubuntu:
  Fix Released
Status in dbus-broker source package in Noble:
  Fix Committed
Status in dbus-broker source package in Oracular:
  Fix Released
Status in dbus-broker source package in Plucky:
  Fix Released
Status in dbus-broker source package in Questing:
  Fix Released

Bug description:
  [Original Description/Impact]

  Per https://github.com/bus1/dbus-broker/releases/tag/v36 :

  # dbus-broker - Linux D-Bus Message Broker

  ## CHANGES WITH 36:

      * Fix possible file-descriptor use-after-close, which can lead to
        broker termination or disclosure of internal file-descriptors to
        clients.

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: dbus-broker 35-2
  ProcVersionSignature: Ubuntu 6.8.0-22.22-generic 6.8.1
  Uname: Linux 6.8.0-22-generic x86_64
  ApportVersion: 2.28.0-0ubuntu1
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Apr 12 11:24:50 2024
  InstallationDate: Installed on 2024-04-08 (4 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Daily amd64 (20240407.2)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=<set>
  SourcePackage: dbus-broker
  UpgradeStatus: No upgrade log present (probably fresh install)

  This is a potential issue that hasn't been demonstrated in practice,
  but it would be good to fix it in the noble LTS release anyway, just
  in case. The fix has been out and in multiple Ubuntu releases
  including Oracular and Plucky, and no issues have been reported.

  [Test Plan]

  Build and install the patched dbus-broker in a container and check
  that it doesn't break:

  Noble:

  root@localhost:/tmp# apt install ./dbus-broker_35-2ubuntu0.1_amd64.deb
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  Note, selecting 'dbus-broker' instead of './dbus-broker_35-2ubuntu0.1_amd64.deb'
  The following NEW packages will be installed:
    dbus-broker
  0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
  Need to get 0 B/169 kB of archives.
  After this operation, 430 kB of additional disk space will be used.
  Get:1 /tmp/dbus-broker_35-2ubuntu0.1_amd64.deb dbus-broker amd64 35-2ubuntu0.1 [169 kB]
  Selecting previously unselected package dbus-broker.
  (Reading database ... 27500 files and directories currently installed.)
  Preparing to unpack .../dbus-broker_35-2ubuntu0.1_amd64.deb ...
  Unpacking dbus-broker (35-2ubuntu0.1) ...
  Setting up dbus-broker (35-2ubuntu0.1) ...
  Replacing the running dbus-daemon with dbus-broker requires a reboot:
  please reboot the system when convenient.
  Created symlink /etc/systemd/user/dbus.service → /usr/lib/systemd/user/dbus-broker.service.
  Created symlink /etc/systemd/system/dbus.service → /usr/lib/systemd/system/dbus-broker.service.
  Processing triggers for man-db (2.12.0-4build2) ...
  Processing triggers for systemd (255.4-1ubuntu8) ...
  root@localhost:/tmp# systemctl daemon-reload
  root@localhost:/tmp# systemctl restart dbus-broker
  root@localhost:/tmp# systemctl status dbus-broker
  ● dbus-broker.service - D-Bus System Message Bus
       Loaded: loaded (/usr/lib/systemd/system/dbus-broker.service; enabled; preset: enabled)
       Active: active (running) since Tue 2025-05-06 15:00:08 BST; 3s ago
  TriggeredBy: ● dbus.socket
         Docs: man:dbus-broker-launch(1)
     Main PID: 2458 (dbus-broker-lau)
        Tasks: 2 (limit: 66786)
       Memory: 1.3M (peak: 2.1M)
          CPU: 10ms
       CGroup: /system.slice/dbus-broker.service
               ├─2458 /usr/bin/dbus-broker-launch --scope system --audit
               └─2459 dbus-broker --log 4 --controller 9 --machine-id b70250626e354e8481fe3ed01e2a769f --max-bytes 5368>

  May 06 15:00:08 localhost systemd[1]: Starting dbus-broker.service - D-Bus System Message Bus...
  May 06 15:00:08 localhost dbus-broker-launch[2458]: Kernel is missing AppArmor DBus support.
  May 06 15:00:08 localhost systemd[1]: Started dbus-broker.service - D-Bus System Message Bus.
  May 06 15:00:08 localhost dbus-broker-launch[2458]: Ready
  root@localhost:/tmp# cat /etc/os-release
  PRETTY_NAME="Ubuntu 24.04 LTS"
  NAME="Ubuntu"
  VERSION_ID="24.04"
  VERSION="24.04 LTS (Noble Numbat)"
  VERSION_CODENAME=noble
  ID=ubuntu
  ID_LIKE=debian
  HOME_URL="https://www.ubuntu.com/"
  SUPPORT_URL="https://help.ubuntu.com/"
  BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
  PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
  UBUNTU_CODENAME=noble
  LOGO=ubuntu-logo

  [Where problems could occur]

  File descriptor handling is pretty central to D-Bus, so if a problem
  occurred there the system functionality would degrade and probably
  stop working entirely, as clients would no longer be able to
  successfully pass FDs via D-Bus messages, which is relied upon heavily
  by components such as systemd.
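  As an added illustration (not dbus-broker's code), the C program below
  models the file-descriptor use-after-close class named in the release
  note: a message record keeps a copy of a descriptor number after the
  descriptor was closed, the kernel recycles that number for a later
  broker-internal pipe, and "delivering" the message duplicates the
  internal pipe to the recipient. The struct, pipes and function names
  are constructed for the example; the mitigation modelled is
  invalidating the stored copy when the descriptor is closed.

```c
/* Added illustration of the file-descriptor use-after-close class, not
 * dbus-broker code: a message record keeps a copy of a descriptor number
 * after the descriptor was closed, the kernel recycles the number for a
 * later internal pipe, and "delivering" the message duplicates that
 * internal pipe to the recipient instead of the original one. */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for a queued message carrying one descriptor. */
struct msg { int fd; };

/* Release a message's descriptor. With invalidate == 0 the stale copy
 * survives (the bug class); with invalidate != 0 it is set to -1 so any
 * later use fails with EBADF instead of touching a recycled number. */
static void msg_release_fd(struct msg *m, int invalidate) {
    if (m->fd >= 0) close(m->fd);
    if (invalidate) m->fd = -1;
}

/* Returns 1 if the descriptor handed to the recipient refers to the
 * broker-internal pipe, 0 if nothing was leaked, -1 on setup error. */
int delivery_leaks_internal_fd(int invalidate) {
    int client[2], internal[2], delivered = -1, leaked = 0;
    struct stat got, priv;
    if (pipe(client) < 0) return -1;
    struct msg m = { .fd = client[1] };      /* fd attached to the message */
    msg_release_fd(&m, invalidate);          /* released too early */
    /* The broker now opens an internal pipe. POSIX hands out the lowest
     * free descriptor numbers, so internal[0] takes client[1]'s old
     * number and equals m.fd whenever the stale copy was kept. */
    if (pipe(internal) < 0) { close(client[0]); return -1; }
    /* Delivery: duplicate whatever number the message still carries. */
    if (m.fd >= 0) delivered = dup(m.fd);
    if (delivered >= 0 && fstat(delivered, &got) == 0 &&
        fstat(internal[0], &priv) == 0)
        leaked = (got.st_dev == priv.st_dev && got.st_ino == priv.st_ino);
    if (delivered >= 0) close(delivered);
    close(client[0]); close(internal[0]); close(internal[1]);
    return leaked;
}

int main(void) {
    printf("stale copy kept:  leak=%d\n", delivery_leaks_internal_fd(0));
    printf("copy invalidated: leak=%d\n", delivery_leaks_internal_fd(1));
    return 0;
}
```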

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus-broker/+bug/2061155/+subscriptions