[SECURITY] [DLA 2235-1] dbus security update

2020-06-0515:33:53

lists.debian.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Package : dbus
Version : 1.8.22-0+deb8u3
CVE ID : CVE-2020-12049

It was discovered that there was a file descriptor leak in the D-Bus
message bus.

An unprivileged local attacker could use this to attack the system
DBus daemon, leading to denial of service for all users of the
machine.

For Debian 8 "Jessie", this issue has been fixed in dbus version
1.8.22-0+deb8u3.

We recommend that you upgrade your dbus packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian10amd64libdbus-1-3-dbgsym< 1.12.20-0+deb10u1libdbus-1-3-dbgsym_1.12.20-0+deb10u1_amd64.deb
Debian10s390xlibdbus-1-3-dbgsym< 1.12.20-0+deb10u1libdbus-1-3-dbgsym_1.12.20-0+deb10u1_s390x.deb
Debian9mipseldbus-udeb< 1.10.32-0+deb9u1dbus-udeb_1.10.32-0+deb9u1_mipsel.deb
Debian10armhfdbus-tests< 1.12.20-0+deb10u1dbus-tests_1.12.20-0+deb10u1_armhf.deb
Debian9amd64dbus-tests< 1.10.32-0+deb9u1dbus-tests_1.10.32-0+deb9u1_amd64.deb
Debian10armellibdbus-1-3-dbgsym< 1.12.20-0+deb10u1libdbus-1-3-dbgsym_1.12.20-0+deb10u1_armel.deb
Debian10i386dbus-x11< 1.12.20-0+deb10u1dbus-x11_1.12.20-0+deb10u1_i386.deb
Debian9arm64libdbus-1-3-udeb< 1.10.32-0+deb9u1libdbus-1-3-udeb_1.10.32-0+deb9u1_arm64.deb
Debian9armeldbus-x11< 1.10.32-0+deb9u1dbus-x11_1.10.32-0+deb9u1_armel.deb
Debian8amd64dbus-1-dbg< 1.8.22-0+deb8u3dbus-1-dbg_1.8.22-0+deb8u3_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	amd64	libdbus-1-3-dbgsym	< 1.12.20-0+deb10u1	libdbus-1-3-dbgsym_1.12.20-0+deb10u1_amd64.deb
Debian	10	s390x	libdbus-1-3-dbgsym	< 1.12.20-0+deb10u1	libdbus-1-3-dbgsym_1.12.20-0+deb10u1_s390x.deb
Debian	9	mipsel	dbus-udeb	< 1.10.32-0+deb9u1	dbus-udeb_1.10.32-0+deb9u1_mipsel.deb
Debian	10	armhf	dbus-tests	< 1.12.20-0+deb10u1	dbus-tests_1.12.20-0+deb10u1_armhf.deb
Debian	9	amd64	dbus-tests	< 1.10.32-0+deb9u1	dbus-tests_1.10.32-0+deb9u1_amd64.deb
Debian	10	armel	libdbus-1-3-dbgsym	< 1.12.20-0+deb10u1	libdbus-1-3-dbgsym_1.12.20-0+deb10u1_armel.deb
Debian	10	i386	dbus-x11	< 1.12.20-0+deb10u1	dbus-x11_1.12.20-0+deb10u1_i386.deb
Debian	9	arm64	libdbus-1-3-udeb	< 1.10.32-0+deb9u1	libdbus-1-3-udeb_1.10.32-0+deb9u1_arm64.deb
Debian	9	armel	dbus-x11	< 1.10.32-0+deb9u1	dbus-x11_1.10.32-0+deb9u1_armel.deb
Debian	8	amd64	dbus-1-dbg	< 1.8.22-0+deb8u3	dbus-1-dbg_1.8.22-0+deb8u3_amd64.deb