[Pkg-utopia-maintainers] Bug#794081: NetworkManager should not override max_replies_per_connection limit

Michael Biebl biebl at debian.org
Thu Jul 30 11:13:15 UTC 2015 

Package: network-manager
Version: 1.0.4-1
Severity: important
File: /etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf


Seeing the latest upstream release, it noticed the following commit [1]:

> dbus: increase 'max_replies_per_connection' limit in D-Bus
> configuration
> D-Bus default limit of replies per connection has been lowered to 128
> due to
> CVE-2014-3638, see:
> http://cgit.freedesktop.org/dbus/dbus/commit/?id=5bc7f9519ebc6117ba300c704794b36b87c2194b
> https://bugs.freedesktop.org/show_bug.cgi?id=81053
>
> The limit seems to be too low and causes problems in libnm-glib, that
> will not
> return all NetworkManager connection profiles if there are too many of
> them
> (roughly more than the limit). As a consequence, libnm-glib based
> clients will
> not work properly.

I don't think it's a good idea, that invidual packages override the dbus
limit, which was lowered in responce to a CVE.

Filing this bug to keep track of the issue.

See [2] and the followup messages.

Michael


[1] http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=2c299ba65c51e9c407090dc83929d692c74ee3f2
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773525#35


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages network-manager depends on:
ii  adduser                3.113+nmu3
ii  dbus                   1.8.20-1
ii  init-system-helpers    1.23
ii  isc-dhcp-client        4.3.2-1
ii  libbluetooth3          5.23-2+b1
ii  libc6                  2.19-19
ii  libdbus-1-3            1.8.20-1
ii  libdbus-glib-1-2       0.102-1
ii  libgcrypt20            1.6.3-2
ii  libglib2.0-0           2.44.1-1.1
ii  libgnutls-deb0-28      3.3.16-1
ii  libgudev-1.0-0         230-2
ii  libmm-glib0            1.4.10-1
ii  libndp0                1.4-2
ii  libnewt0.52            0.52.18-1
ii  libnl-3-200            3.2.26-1
ii  libnl-genl-3-200       3.2.26-1
ii  libnl-route-3-200      3.2.26-1
ii  libnm0                 1.0.4-1
ii  libpam-systemd         223-2
ii  libpolkit-agent-1-0    0.105-11
ii  libpolkit-gobject-1-0  0.105-11
ii  libreadline6           6.3-8+b3
ii  libsoup2.4-1           2.50.0-2
ii  libsystemd0            223-2
ii  libteamdctl0           1.17-1
ii  libuuid1               2.26.2-9
ii  lsb-base               4.1+Debian13+nmu1
ii  policykit-1            0.105-11
ii  udev                   223-2
ii  wpasupplicant          2.3-2

Versions of packages network-manager recommends:
ii  crda            3.13-1
ii  dnsmasq-base    2.74-1
ii  iptables        1.4.21-2+b1
ii  iputils-arping  3:20121221-5+b2
ii  modemmanager    1.4.10-1
ii  ppp             2.4.6-3.1

Versions of packages network-manager suggests:
ii  avahi-autoipd  0.6.31-5
pn  libteam-utils  <none>

-- Configuration Files:
/etc/NetworkManager/NetworkManager.conf changed [not included]

-- no debconf information

More information about the Pkg-utopia-maintainers mailing list