[Pkg-utopia-maintainers] Bug#794081: NetworkManager should not override max_replies_per_connection limit
Michael Biebl
biebl at debian.org
Thu Jul 30 11:13:15 UTC 2015
Package: network-manager
Version: 1.0.4-1
Severity: important
File: /etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf
Seeing the latest upstream release, it noticed the following commit [1]:
> dbus: increase 'max_replies_per_connection' limit in D-Bus
> configuration
> D-Bus default limit of replies per connection has been lowered to 128
> due to
> CVE-2014-3638, see:
> http://cgit.freedesktop.org/dbus/dbus/commit/?id=5bc7f9519ebc6117ba300c704794b36b87c2194b
> https://bugs.freedesktop.org/show_bug.cgi?id=81053
>
> The limit seems to be too low and causes problems in libnm-glib, that
> will not
> return all NetworkManager connection profiles if there are too many of
> them
> (roughly more than the limit). As a consequence, libnm-glib based
> clients will
> not work properly.
I don't think it's a good idea, that invidual packages override the dbus
limit, which was lowered in responce to a CVE.
Filing this bug to keep track of the issue.
See [2] and the followup messages.
Michael
[1] http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=2c299ba65c51e9c407090dc83929d692c74ee3f2
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773525#35
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages network-manager depends on:
ii adduser 3.113+nmu3
ii dbus 1.8.20-1
ii init-system-helpers 1.23
ii isc-dhcp-client 4.3.2-1
ii libbluetooth3 5.23-2+b1
ii libc6 2.19-19
ii libdbus-1-3 1.8.20-1
ii libdbus-glib-1-2 0.102-1
ii libgcrypt20 1.6.3-2
ii libglib2.0-0 2.44.1-1.1
ii libgnutls-deb0-28 3.3.16-1
ii libgudev-1.0-0 230-2
ii libmm-glib0 1.4.10-1
ii libndp0 1.4-2
ii libnewt0.52 0.52.18-1
ii libnl-3-200 3.2.26-1
ii libnl-genl-3-200 3.2.26-1
ii libnl-route-3-200 3.2.26-1
ii libnm0 1.0.4-1
ii libpam-systemd 223-2
ii libpolkit-agent-1-0 0.105-11
ii libpolkit-gobject-1-0 0.105-11
ii libreadline6 6.3-8+b3
ii libsoup2.4-1 2.50.0-2
ii libsystemd0 223-2
ii libteamdctl0 1.17-1
ii libuuid1 2.26.2-9
ii lsb-base 4.1+Debian13+nmu1
ii policykit-1 0.105-11
ii udev 223-2
ii wpasupplicant 2.3-2
Versions of packages network-manager recommends:
ii crda 3.13-1
ii dnsmasq-base 2.74-1
ii iptables 1.4.21-2+b1
ii iputils-arping 3:20121221-5+b2
ii modemmanager 1.4.10-1
ii ppp 2.4.6-3.1
Versions of packages network-manager suggests:
ii avahi-autoipd 0.6.31-5
pn libteam-utils <none>
-- Configuration Files:
/etc/NetworkManager/NetworkManager.conf changed [not included]
-- no debconf information
More information about the Pkg-utopia-maintainers
mailing list