[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ubuntu-security-announce
Subject:    [USN-5244-1] DBus vulnerability
From:       Camila Camargo de Matos <camila.camargodematos () canonical ! com>
Date:       2022-01-20 20:25:07
Message-ID: 29531f45-36d6-7c2d-bd1f-a459b9deec37 () canonical ! com
[Download RAW message or body]

[Attachment #2 (multipart/signed)]

[Attachment #4 (multipart/mixed)]


==========================================================================
Ubuntu Security Notice USN-5244-1
January 20, 2022

dbus vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

DBus could be made to crash if it received specially crafted
input.

Software Description:
- dbus: simple interprocess messaging system

Details:

Daniel Onaca discovered that DBus contained a use-after-free vulnerability,
caused by the incorrect handling of usernames sharing the same UID. An
attacker could possibly use this issue to cause DBus to crash, resulting
in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
dbus 1.10.6-1ubuntu3.6+esm1
libdbus-1-3 1.10.6-1ubuntu3.6+esm1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5244-1
CVE-2020-35512


["OpenPGP_signature.asc" (application/pgp-signature)]
[Attachment #8 (text/plain)]

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


[prev in list] [next in list] [prev in thread] [next in thread]