==========================================================================
Ubuntu Security Notice USN-4134-2
September 23, 2019
ibus regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
USN 4134-1 introduced a regression in IBus.
Software Description:
– ibus: Intelligent Input Bus – core
Details:
USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a
regression when being used with Qt applications. This update reverts the
security fix pending further investigation.
Original advisory details:
Simon McVittie discovered that IBus did not enforce appropriate access
controls on its private D-Bus socket. A local unprivileged user who
discovers the IBus socket address of another user could exploit this to
capture the key strokes of the other user.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
ibus 1.5.19-1ubuntu2.2
Ubuntu 18.04 LTS:
ibus 1.5.17-3ubuntu5.2
Ubuntu 16.04 LTS:
ibus 1.5.11-1ubuntu2.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://usn.ubuntu.com/4134-2
https://usn.ubuntu.com/4134-1
https://launchpad.net/bugs/1844853
Package Information:
https://launchpad.net/ubuntu/+source/ibus/1.5.19-1ubuntu2.2
https://launchpad.net/ubuntu/+source/ibus/1.5.17-3ubuntu5.2
https://launchpad.net/ubuntu/+source/ibus/1.5.11-1ubuntu2.3
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl2I4i0ACgkQZWnYVadE
vpO1tA//STdSVyOIdvcJfwZpY9EtDLKjQOZu/BJrAebOr/rt7Cbt9/JPdvoECr3A
pTtmi4gf+AmxS1UUyP2MZJEbIP6g3caSApgr5vPI9Fi2JuGYG9UXKZ9XkoOqpM/E
f+v98+frxEzbx7CmBFBxF25UgP7HDYmwo4qXm3HPe9HBJEaJP6Sd+5o35Zho2sPB
nWrZRL/r+E3MzNq1s8rI+Z5h54+Tx6atmtZTDO0oXejlHviVC0n1VBCljURM8b9d
wNdLSK5cgdTNlc1v/jeiFHWl55obq/WCQpXbeacdLvZl2D7s3ToNL9IAxnw2huj8
ggu0Dpo2qNInDy2r4PwbnwxIOEII6vrBzY3frlzFnOHezUAMXTTm8O6vTpT49n05
tyucUCsY8jlwtnSYaMQcAzPN23Hvci6CbMhkIH9uKL2z1Qr35DSXWfONGsdZhz28
DlIUcnCMDXmCiK0bhe9HX0XPeXb57J1pimsBrFouKmEBawCxgUWiCUzk8h7BMpov
OfXwzrfhzPSShi2TdDUgo0t1mUo4eT4XdigtN01+ADetZs/omEeR1z+pXKb8JeUS
4ieKsgCQ3hwwJt+ILm0FXpFEqBUSbMSey3hXkC6gRuOHdLxPeirgSdJUZ0SAGghV
/wI2DU+tNUh0vYDLQXfw5m6z0JXXmFHRD6jsTZK3wYi1WL8xndQ=
=OHVE
—–END PGP SIGNATURE—–
—