Updated dbus packages fix security vulnerability

🗓️ 15 Jun 2020 07:54:40Reported by Gentoo FoundationType

Updated dbus packages fix security vulnerability An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients

Reporter	Title	Published	Views	Family All 133
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities	15 Apr 202221:36	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to Using Components with Known Vulnerabilities	30 Oct 202016:18	–	ibm
FreeBSD	dbus file descriptor leak	9 Apr 202000:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : dbus (ALAS-2022-1870)	9 Nov 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0097: dbus (ALINUX3-SA-2022:0097)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : dbus (CESA-2020:3014)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 7 : dbus (RHSA-2020:2894)	15 Jul 202000:00	–	nessus
Tenable Nessus	Debian DLA-2235-1 : dbus security update	8 Jun 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : dbus (EulerOS-SA-2020-1797)	30 Jul 202000:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Mageia	7	any	dbus	1.13.8-4.2	dbus-1.13.8-4.2.noarch.rpm

Source	Link
bugs	www.bugs.mageia.org/show_bug.cgi
openwall	www.openwall.com/lists/oss-security/2020/06/04/3
debian	www.debian.org/lts/security/2020/dla-2235

15 Jun 2020 07:54Current

1Low risk

Vulners AI Score1

CVSS 24.9

CVSS 3.15.5

EPSS0.00574