Low
Canonical Ubuntu
USN-5244-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Original advisory details: Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.

Update Instructions: Run `sudo ua fix USN-5244-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:

- dbus-1-doc – 1.12.2-1ubuntu1.3
- dbus – 1.12.2-1ubuntu1.3
- libdbus-1-dev – 1.12.2-1ubuntu1.3
- dbus-user-session – 1.12.2-1ubuntu1.3
- dbus-x11 – 1.12.2-1ubuntu1.3
- dbus-tests – 1.12.2-1ubuntu1.3
- libdbus-1-3 – 1.12.2-1ubuntu1.3

No subscription required
CVEs contained in this USN include: CVE-2020-35512.
Severity is low unless otherwise noted.
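To audit a collected package inventory against the fixed version listed above, the following added example (not part of the original advisory or of any Canonical or Cloud Foundry tooling) compares versions using Debian ordering rules rather than string comparison. The function names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed version and package names exactly as listed in the advisory above.
FIXED = "1.12.2-1ubuntu1.3"
PACKAGES = set("dbus-1-doc dbus libdbus-1-dev dbus-user-session dbus-x11 dbus-tests libdbus-1-3".split())
_RUN = re.compile(r"([^0-9]*)([0-9]*)(.*)")  # non-digit run, digit run, remainder

def _order(c):
    # dpkg sort key for a non-digit: '~' < end of string < letters < everything else
    if c in ("", "~"):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit runs (by _order) and digit runs (numerically).
    while a or b:
        na, da, a = _RUN.match(a).groups()
        nb, db, b = _RUN.match(b).groups()
        for i in range(max(len(na), len(nb))):
            d = _order(na[i:i + 1]) - _order(nb[i:i + 1])
            if d:
                return d
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
    return 0

def _split(v):  # [epoch:]upstream[-revision]; epoch defaults to 0, revision to empty
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def deb_compare(a, b):
    """Negative, zero or positive as Debian version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(dpkg_query_output):
    """Return {package: version} for the advisory's packages that sort below FIXED."""
    found = {}
    for line in dpkg_query_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in PACKAGES and deb_compare(fields[1], FIXED) < 0:
            found[fields[0]] = fields[1]
    return found

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE = ("dbus 1.12.2-1ubuntu1.2\nlibdbus-1-3 1.12.2-1ubuntu1.3\n"
          "dbus-x11 1.12.2-1ubuntu1.3~rc1\nopenssl 1.1.1-1ubuntu2.1\n")
print(unpatched(SAMPLE))
```

On a host where dpkg is installed, `dpkg --compare-versions` performs the same comparison directly.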
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2022-07-29: Initial vulnerability report published.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | bionic stemcells | lt | 1.84 |
| | cflinuxfs3 | lt | 0.294.0 |
| | cf deployment | lt | 21.0.0 |