USN-5704-1: DBus vulnerabilities
27 October 2022
Several security issues were fixed in DBus.
Releases
Packages
- dbus - simple interprocess messaging system
Details
It was discovered that DBus incorrectly handled messages with invalid type
signatures. A local attacker could possibly use this issue to cause DBus to
crash, resulting in a denial of service. (CVE-2022-42010)
It was discovered that DBus was incorrectly validating the length of arrays of
fixed-length items. A local attacker could possibly use this issue to cause
DBus to crash, resulting in a denial of service. (CVE-2022-42011)
It was discovered that DBus incorrectly handled the body DBus message with
attached file descriptors. A local attacker could possibly use this issue to
cause DBus to crash, resulting in a denial of service. (CVE-2022-42012)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
-
dbus
-
1.10.6-1ubuntu3.6+esm2
Available with Ubuntu Pro
-
libdbus-1-3
-
1.10.6-1ubuntu3.6+esm2
Available with Ubuntu Pro
Ubuntu 14.04
-
dbus
-
1.6.18-0ubuntu4.5+esm3
Available with Ubuntu Pro
-
libdbus-1-3
-
1.6.18-0ubuntu4.5+esm3
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.