GLSA Advocate
Posted: Thu Dec 24, 2020 4:26 am Post subject: [ GLSA 202012-17 ] D-Bus
Gentoo Linux Security Advisory
Title: D-Bus: Denial of service (GLSA 202012-17)
Severity: low
Exploitable: local
Date: 2020-12-23
Bug(s): #755392
ID: 202012-17
Synopsis
A local Denial of Service vulnerability was discovered in D-Bus.
Background
D-Bus is a message bus system which processes can use to talk to each
other.
Affected Packages
Package: sys-apps/dbus
Vulnerable: < 1.12.20
Unaffected: >= 1.12.20
Architectures: All supported architectures
Description
It was discovered that D-Bus did not properly handle the situation when
two usernames have the same numeric UID.
Impact
An attacker could possibly cause a Denial of Service condition or
trigger other undefined behavior, possibly including incorrect
authorization decisions.
Workaround
There is no known workaround at this time.
Resolution
All D-Bus users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.12.20"
References
dbus 1.12.20 security update announcement