dbus

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Freedesktop.org message bus system
Version 1.14.10-2 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2805 1.14.3-1 1.14.4-1 Unknown Fixed
AVG-1573 1.12.18-1 1.12.20-1 Medium Fixed
AVG-1183 1.12.16-5 1.12.18-1 Low Fixed
AVG-974 1.12.14-1 1.12.16-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2022-42012 AVG-2805 Unknown Unknown Unknown
A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption in production builds,...
CVE-2022-42011 AVG-2805 Unknown Unknown Unknown
An invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element would cause an assertion failure in...
CVE-2022-42010 AVG-2805 Unknown Unknown Unknown
A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar...
CVE-2020-35512 AVG-1573 Medium No Arbitrary code execution
A use-after-free flaw was found in D-Bus before version 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules...
CVE-2020-12049 AVG-1183 Low No Denial of service
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds...
CVE-2019-12749 AVG-974 High No Access restriction bypass
It has been discovered that dbus before 1.12.16 allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in...

Advisories

Date Advisory Group Severity Type
13 Jun 2020 ASA-202006-9 AVG-1183 Low denial of service
18 Jun 2019 ASA-201906-16 AVG-974 High access restriction bypass