A backport is available on Salsa, tested and ready to be source-uploaded
by a sponsor:

https://salsa.debian.org/bluca/dbus-broker/-/tree/ubuntu/noble?ref_type=heads

Note that it also contains a fix for
https://bugs.launchpad.net/ubuntu/+source/dbus-broker/+bug/2110040

** Also affects: dbus-broker (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: dbus-broker (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Changed in: dbus-broker (Ubuntu Questing)
       Status: New => Fix Released

** Also affects: dbus-broker (Ubuntu Oracular)
   Importance: Undecided
       Status: New

** Also affects: dbus-broker (Ubuntu Plucky)
   Importance: Undecided
       Status: New

** Changed in: dbus-broker (Ubuntu Plucky)
       Status: New => Fix Released

** Changed in: dbus-broker (Ubuntu Oracular)
       Status: New => Fix Released

** Changed in: dbus-broker (Ubuntu Noble)
       Status: New => Confirmed

** Description changed:

+ [Original Description/Impact]
+ 
  Per https://github.com/bus1/dbus-broker/releases/tag/v36 :
  
  # dbus-broker - Linux D-Bus Message Broker
  
  ## CHANGES WITH 36:
  
-     * Fix possible file-descriptor use-after-close, which can lead to
-       broker termination or disclosure of internal file-desciptors to
-       clients.
+     * Fix possible file-descriptor use-after-close, which can lead to
+       broker termination or disclosure of internal file-desciptors to
+       clients.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: dbus-broker 35-2
  ProcVersionSignature: Ubuntu 6.8.0-22.22-generic 6.8.1
  Uname: Linux 6.8.0-22-generic x86_64
  ApportVersion: 2.28.0-0ubuntu1
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Apr 12 11:24:50 2024
  InstallationDate: Installed on 2024-04-08 (4 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Daily amd64 (20240407.2)
  ProcEnviron:
-  LANG=en_US.UTF-8
-  PATH=(custom, no user)
-  SHELL=/bin/bash
-  TERM=xterm-256color
-  XDG_RUNTIME_DIR=<set>
+  LANG=en_US.UTF-8
+  PATH=(custom, no user)
+  SHELL=/bin/bash
+  TERM=xterm-256color
+  XDG_RUNTIME_DIR=<set>
  SourcePackage: dbus-broker
  UpgradeStatus: No upgrade log present (probably fresh install)
+ 
+ This is a potential issue, that hasn't been demonstrated in practice,
+ but it would be good to fix it in the noble LTS release anyway, just in
+ case. The fix has been out and in multiple Ubuntu releases including
+ Oracular and Plucky, and no issues have been reported.
+ 
+ [Test Plan]
+ 
+ Build and install the patched dbus-broker in a container and check that
+ it doesn't break:
+ 
+ Noble:
+ 
+ root@localhost:/tmp# apt install ./dbus-broker_35-2ubuntu0.1_amd64.deb
+ Reading package lists... Done
+ Building dependency tree... Done
+ Reading state information... Done
+ Note, selecting 'dbus-broker' instead of 
'./dbus-broker_35-2ubuntu0.1_amd64.deb'
+ The following NEW packages will be installed:
+   dbus-broker
+ 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
+ Need to get 0 B/169 kB of archives.
+ After this operation, 430 kB of additional disk space will be used.
+ Get:1 /tmp/dbus-broker_35-2ubuntu0.1_amd64.deb dbus-broker amd64 
35-2ubuntu0.1 [169 kB]
+ Selecting previously unselected package dbus-broker.
+ (Reading database ... 27500 files and directories currently installed.)
+ Preparing to unpack .../dbus-broker_35-2ubuntu0.1_amd64.deb ...
+ Unpacking dbus-broker (35-2ubuntu0.1) ...
+ Setting up dbus-broker (35-2ubuntu0.1) ...
+ Replacing the running dbus-daemon with dbus-broker requires a reboot:
+ please reboot the system when convenient.
+ Created symlink /etc/systemd/user/dbus.service → 
/usr/lib/systemd/user/dbus-broker.service.
+ Created symlink /etc/systemd/system/dbus.service → 
/usr/lib/systemd/system/dbus-broker.service.
+ Processing triggers for man-db (2.12.0-4build2) ...
+ Processing triggers for systemd (255.4-1ubuntu8) ...
+ root@localhost:/tmp# systemctl daemon-reload
+ root@localhost:/tmp# systemctl restart dbus-broker
+ root@localhost:/tmp# systemctl status dbus-broker
+ ● dbus-broker.service - D-Bus System Message Bus
+      Loaded: loaded (/usr/lib/systemd/system/dbus-broker.service; enabled; 
preset: enabled)
+      Active: active (running) since Tue 2025-05-06 15:00:08 BST; 3s ago
+ TriggeredBy: ● dbus.socket
+        Docs: man:dbus-broker-launch(1)
+    Main PID: 2458 (dbus-broker-lau)
+       Tasks: 2 (limit: 66786)
+      Memory: 1.3M (peak: 2.1M)
+         CPU: 10ms
+      CGroup: /system.slice/dbus-broker.service
+              ├─2458 /usr/bin/dbus-broker-launch --scope system --audit
+              └─2459 dbus-broker --log 4 --controller 9 --machine-id 
b70250626e354e8481fe3ed01e2a769f --max-bytes 5368>
+ 
+ May 06 15:00:08 localhost systemd[1]: Starting dbus-broker.service - D-Bus 
System Message Bus...
+ May 06 15:00:08 localhost dbus-broker-launch[2458]: Kernel is missing 
AppArmor DBus support.
+ May 06 15:00:08 localhost systemd[1]: Started dbus-broker.service - D-Bus 
System Message Bus.
+ May 06 15:00:08 localhost dbus-broker-launch[2458]: Ready
+ root@localhost:/tmp# cat /etc/os-release
+ PRETTY_NAME="Ubuntu 24.04 LTS"
+ NAME="Ubuntu"
+ VERSION_ID="24.04"
+ VERSION="24.04 LTS (Noble Numbat)"
+ VERSION_CODENAME=noble
+ ID=ubuntu
+ ID_LIKE=debian
+ HOME_URL="https://www.ubuntu.com/";
+ SUPPORT_URL="https://help.ubuntu.com/";
+ BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/";
+ 
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy";
+ UBUNTU_CODENAME=noble
+ LOGO=ubuntu-logo
+ 
+ 
+ [Where problems could occur]
+ 
+ File descriptor handling is pretty central to D-Bus, so if a problem
+ occurred there the system functionality would degrade and probably stop
+ working entirely, as clients would no longer be able to successfully
+ pass FDs via D-Bus messages, which is relied upon heavily by components
+ such as systemd.
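
Review bot: the [Test Plan] never passes a file descriptor over the bus, although [Where problems could occur] names FD passing as the functionality a regression would break. The plan only shows that the package installs and that dbus-broker.service reaches "active (running)" after a restart. Add a step that sends a message carrying a file descriptor through the patched broker, or runs a systemd operation that relies on FD passing, and record the result. The "Noble:" label also implies that runs for other series follow, but only this one is shown; drop the label or state that Noble is the only series being tested.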

https://bugs.launchpad.net/bugs/2061155

Title:
  Use-after-close vulnerability in dbus-broker 35. Please upgrade
  package to 36
