
13 matches found

RedhatCVE
added 2025/03/17 5:50 p.m., 5 views

CVE-2025-27512

A flaw was found in Zincati, an auto-update agent for Fedora CoreOS hosts. This vulnerability may allow an unprivileged user with access to the system D-Bus socket to deploy older Fedora CoreOS versions, which may have other known vulnerabilities, and reboot the system into the deployed update vi...

CVSS 6.2, AI score 6.5, EPSS 0.00054
Exploits: 0, References: 8

NVD
added 2025/03/17 3:15 p.m., 10 views

CVE-2025-27512

Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...

CVSS 5.9, EPSS 0.00054
Exploits: 0, References: 5

Github Security Blog
added 2025/03/17 2:46 p.m., 11 views

Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Impact: Zincati ships a polkit rule which allows the zincati system user to use the following actions:
- org.projectatomic.rpmostree1.deploy: used to deploy updates to the system
- org.projectatomic.rpmostree1.finalize-deployment: used to reboot the system into the deployed update

Since Zincati...

CVSS 5.9, AI score 6.1, EPSS 0.00054
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2025/03/17 2:46 p.m., 5 views

CVE-2025-27512 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...

CVSS 5.9, AI score 6.1, EPSS 0.00054
Exploits: 0, References: 7

Cvelist
added 2025/03/17 2:46 p.m., 9 views

CVE-2025-27512 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...

CVSS 5.9, EPSS 0.00054
Exploits: 0, References: 5

Tenable Nessus
added 2020/03/25 12:0 a.m., 26 views

Ubuntu 16.04 LTS / 18.04 LTS : IBus vulnerability (USN-4134-3)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4134-3 advisory. USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2...

CVSS 7.1, AI score 7, EPSS 0.00165
Exploits: 0, References: 2

Ubuntu
added 2020/03/24 10:38 a.m., 58 views

USN-4134-3: IBus vulnerability

USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2. The regression has since been resolved and so this update fixes the original vulnerability. We apologize for the inconvenience. Original advisory...

CVSS 7.1, AI score 6.9, EPSS 0.00165
Exploits: 0

OSV
added 2020/03/24 10:38 a.m., 1 views

USN-4134-3 ibus vulnerability

USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2. The regression has since been resolved and so this update fixes the original vulnerability. We apologize for the inconvenience. Original advisory...

CVSS 7.1, AI score 6.8, EPSS 0.00165
Exploits: 0, References: 2

RedHat Linux
added 2019/11/05 9:8 p.m., 4 views

gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. Note that the server socket...

CVSS 7.8, AI score 7.3, EPSS 0.00066
Exploits: 0, References: 4

Tenable Nessus
added 2019/09/17 12:0 a.m., 20 views

Ubuntu 16.04 LTS / 18.04 LTS : IBus vulnerability (USN-4134-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4134-1 advisory. Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers t...

CVSS 7.1, AI score 7, EPSS 0.00165
Exploits: 0, References: 2

OpenVAS
added 2019/09/17 12:0 a.m., 32 views

Ubuntu: Security Advisory (USN-4134-1)

The remote host is missing an update for the...

CVSS 7.1, AI score 7.2, EPSS 0.00165
Exploits: 0, References: 2

Ubuntu
added 2019/09/16 12:8 p.m., 120 views

USN-4134-1: IBus vulnerability

Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user...

CVSS 7.1, AI score 7, EPSS 0.00165
Exploits: 0

Ubuntu
added 2019/07/09 11:29 a.m., 60 views

USN-4053-1: GVfs vulnerabilities

It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. CVE-2019-12447, CVE-2019-12448,...

CVSS 8.1, AI score 6.6, EPSS 0.006
Exploits: 0