UbuntuUpdates.org

Package "dbus"

Name: dbus

Description: simple interprocess messaging system (daemon and utilities)

Latest version: 1.12.2-1ubuntu1.4
Release: bionic (18.04)
Level: security
Repository: main
Homepage: http://dbus.freedesktop.org/

Other versions of "dbus" in Bionic

Repository  Area      Version
base        main      1.12.2-1ubuntu1
base        universe  1.12.2-1ubuntu1
security    universe  1.12.2-1ubuntu1.4
updates     universe  1.12.2-1ubuntu1.4
updates     main      1.12.2-1ubuntu1.4


Changelog

Version: 1.12.2-1ubuntu1.4 2022-10-27 14:06:20 UTC

  dbus (1.12.2-1ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Assertion failure in dbus-marshal-validate
    - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
      correctly
    - CVE-2022-42010
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
    - debian/patches/CVE-2022-42011.patch: Validate length of arrays of
      fixed-length items
    - CVE-2022-42011
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
    - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed
    - CVE-2022-42012

 -- Nishit Majithia <email address hidden> Tue, 25 Oct 2022 18:33:19 +0530

CVE-2022-42010 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-
CVE-2022-42011 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-
CVE-2022-42012 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-

Version: 1.12.2-1ubuntu1.3 2022-05-09 07:06:19 UTC

  dbus (1.12.2-1ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: use-after-free when users share UID
    - debian/patches/CVE-2020-35512.patch: apply
      reference-counting to the user and group data structures
      in dbus/dbus-userdb.h, dbus/dbus-sysdeps-unix.h,
      dbus/dbus-userdb-util.c and dbus/dbus-userdb.c.
    - CVE-2020-35512

 -- David Fernandez Gonzalez <email address hidden> Fri, 06 May 2022 13:08:40 +0200

CVE-2020-35512 A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1

Version: 1.12.2-1ubuntu1.2 2020-06-16 18:06:45 UTC

  dbus (1.12.2-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds
      we did receive in dbus/dbus-sysdeps-unix.c.
    - debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file
      descriptors in test/fdpass.c.
    - CVE-2020-12049

 -- Marc Deslauriers <email address hidden> Thu, 11 Jun 2020 14:25:30 -0400

CVE-2020-12049 An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exc

Version: 1.12.2-1ubuntu1.1 2019-06-11 18:06:16 UTC

  dbus (1.12.2-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

 -- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 14:05:17 -0400

CVE-2019-12749 DBusServer DBUS_COOKIE_SHA1 authentication bypass


