UbuntuUpdates.org

Package "dbus-user-session"

Name: dbus-user-session

Description:

simple interprocess messaging system (systemd --user integration)
Latest version: 1.12.16-2ubuntu2.3
Release: focal (20.04)
Level: updates
Repository: main
Head package: dbus
Homepage: http://dbus.freedesktop.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "dbus-user-session"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "dbus-user-session" in Focal

Repository Area Version
base main 1.12.16-2ubuntu2
security main 1.12.16-2ubuntu2.3

Changelog

Version: 1.12.16-2ubuntu2.3 2022-10-27 16:07:19 UTC

  dbus (1.12.16-2ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: Assertion failure in dbus-marshal-validate
    - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
      correctly
    - CVE-2022-42010
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
    - debian/patches/CVE-2022-42011.patch: Validate length of arrays of
      fixed-length items
    - CVE-2022-42011
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
    - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed
    - CVE-2022-42012

 -- Nishit Majithia <email address hidden> Tue, 25 Oct 2022 18:39:26 +0530
Source diff to previous version
CVE-2022-42010 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-
CVE-2022-42011 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-
CVE-2022-42012 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-

Version: 1.12.16-2ubuntu2.2 2022-05-09 08:06:21 UTC

  dbus (1.12.16-2ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free when users share UID
    - debian/patches/CVE-2020-35512.patch: apply
      reference-counting to the user and group data structures
      in dbus/dbus-userdb.h, dbus/dbus-sysdeps-unix.h,
      dbus/dbus-userdb-util.c and dbus/dbus-userdb.c.
    - CVE-2020-35512

 -- David Fernandez Gonzalez <email address hidden> Fri, 29 Apr 2022 14:03:28 +0200
Source diff to previous version
CVE-2020-35512 A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1

Version: 1.12.16-2ubuntu2.1 2020-06-16 18:06:57 UTC

  dbus (1.12.16-2ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds
      we did receive in dbus/dbus-sysdeps-unix.c.
    - debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file
      descriptors in test/fdpass.c.
    - CVE-2020-12049

 -- Marc Deslauriers <email address hidden> Thu, 11 Jun 2020 14:22:13 -0400
CVE-2020-12049 An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exc


About   -   Send Feedback to @ubuntu_updates