USN-5244-1: DBus vulnerability
20 January 2022
DBus could be made to crash if it received specially crafted input.
Releases
Packages
- dbus - simple interprocess messaging system
Details
Daniel Onaca discovered that DBus contained a use-after-free vulnerability,
caused by the incorrect handling of usernames sharing the same UID. An
attacker could possibly use this issue to cause DBus to crash, resulting
in a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
dbus
-
1.10.6-1ubuntu3.6+esm1
Available with Ubuntu Pro
-
libdbus-1-3
-
1.10.6-1ubuntu3.6+esm1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.