Ubuntu Security Notice 4015-1 - Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges.
0a1f3c43d3f74c5045915abb2ea99ab7bd4e1fb496a273ef442d9edc77ec8c39==========================================================================
Ubuntu Security Notice USN-4015-1
June 11, 2019
dbus vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
DBus could allow unintended access to services.
Software Description:
- dbus: simple interprocess messaging system
Details:
Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1
authentication. A local attacker could possibly use this issue to bypass
authentication and connect to DBus servers with elevated privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
dbus 1.12.12-1ubuntu1.1
libdbus-1-3 1.12.12-1ubuntu1.1
Ubuntu 18.10:
dbus 1.12.10-1ubuntu2.1
libdbus-1-3 1.12.10-1ubuntu2.1
Ubuntu 18.04 LTS:
dbus 1.12.2-1ubuntu1.1
libdbus-1-3 1.12.2-1ubuntu1.1
Ubuntu 16.04 LTS:
dbus 1.10.6-1ubuntu3.4
libdbus-1-3 1.10.6-1ubuntu3.4
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://usn.ubuntu.com/4015-1
CVE-2019-12749
Package Information:
https://launchpad.net/ubuntu/+source/dbus/1.12.12-1ubuntu1.1
https://launchpad.net/ubuntu/+source/dbus/1.12.10-1ubuntu2.1
https://launchpad.net/ubuntu/+source/dbus/1.12.2-1ubuntu1.1
https://launchpad.net/ubuntu/+source/dbus/1.10.6-1ubuntu3.4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed