You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa dbus

Sigurnosni nedostatak programskog paketa dbus

==========================================================================
Ubuntu Security Notice USN-4015-1
June 11, 2019

dbus vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

DBus could allow unintended access to services.

Software Description:
– dbus: simple interprocess messaging system

Details:

Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1
authentication. A local attacker could possibly use this issue to bypass
authentication and connect to DBus servers with elevated privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
dbus 1.12.12-1ubuntu1.1
libdbus-1-3 1.12.12-1ubuntu1.1

Ubuntu 18.10:
dbus 1.12.10-1ubuntu2.1
libdbus-1-3 1.12.10-1ubuntu2.1

Ubuntu 18.04 LTS:
dbus 1.12.2-1ubuntu1.1
libdbus-1-3 1.12.2-1ubuntu1.1

Ubuntu 16.04 LTS:
dbus 1.10.6-1ubuntu3.4
libdbus-1-3 1.10.6-1ubuntu3.4

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4015-1
CVE-2019-12749

Package Information:
https://launchpad.net/ubuntu/+source/dbus/1.12.12-1ubuntu1.1
https://launchpad.net/ubuntu/+source/dbus/1.12.10-1ubuntu2.1
https://launchpad.net/ubuntu/+source/dbus/1.12.2-1ubuntu1.1
https://launchpad.net/ubuntu/+source/dbus/1.10.6-1ubuntu3.4

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlz/5BQACgkQZWnYVadE
vpNa+g//eMHp8sPmWde2YMfXcsrNdMU5FjtK7c8gDAaSbZ1gaSF/8T3YLrdvA/xT
2SkOswVhskr+qQf4xxBaglz5yvCETYhHHwibFTh5DksJxTCUC1mdcA4vzCOVAkgg
16Ki9PeKVJN7fwh598q729AYs27QRMNKAOSjjCuc7kBMTvSLMnu4Bf1g1RDsErkd
pS8t9qkVJamyzxtvvSAJrpLWJT+bZPheVAsRnsmggBeqqqKmDZ9TceaHXm2Qd6ob
ZMWc9VJBQNmtIEDXMIDqKmftCCPZZTSFr1AxT+aNmAR/txg9LYaT/zEzaxG5PSOQ
q7MYc3SHdXAko+0YMUmeF0lOX/x/OU6PfMUz0hYQgAL7KubTk2cHDVtWdHtIk1t8
5x6lOyhs2vMVTf5mBM+/r/1QBS98CcAS7NO0pm6gUoCQWisdNKkMBjx4qxzHMDnP
43esN4tTWZc36xZRGV4CLL2bW/ATtjBh08XcEJNhHqMpwQG2O0Ekc9xHnpORGS8K
cdwVmoGJYfAe/nMQQI/MaUVm64Ohi3pdsbtWY4f1hjZ0yzPpD8RATgMbabR00w8I
zJB1uAJP3/MeoSfmK0c2IQERx7W0UvyXqN3r4iznuW7IWXjyZlThHLDmMxDhnRFu
YJMUWyvm59AUzDZHDUerBnOYFjsPgx0Xm6XDZNOQIcv19QO0Qtg=
=Kl1M
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskih paketa vim i neovim

Otkriveni su sigurnosni nedostaci u programskim paketima vim i neovim za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje...

Close