dbus

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Freedesktop.org message bus system
Version 1.12.20-1 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1573 1.12.18-1 1.12.20-1 Medium Fixed
AVG-1183 1.12.16-5 1.12.18-1 Low Fixed
AVG-974 1.12.14-1 1.12.16-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2020-35512 AVG-1573 Medium No Arbitrary code execution
A use-after-free flaw was found in D-Bus before version 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules...
CVE-2020-12049 AVG-1183 Low No Denial of service
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds...
CVE-2019-12749 AVG-974 High No Access restriction bypass
It has been discovered that dbus before 1.12.16 allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in...

Advisories

Date Advisory Group Severity Type
13 Jun 2020 ASA-202006-9 AVG-1183 Low denial of service
18 Jun 2019 ASA-201906-16 AVG-974 High access restriction bypass