|
|
Log in / Subscribe / Register

Ubuntu alert USN-8167-2 (xdg-dbus-proxy)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8167-2] xdg-dbus-proxy vulnerability


Date:
              Tue, 26 May 2026 21:29:15 +0000


Message-ID:
              <E1wRzKt-0000SX-CC@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8167-2
May 26, 2026

xdg-dbus-proxy vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

xdg-dbus-proxy could be made to expose sensitive information.

Software Description:
- xdg-dbus-proxy: A filtering proxy for D-Bus connections

Details:

USN-8167-1 fixed a vulnerability in xdg-dbus-proxy. This update
provides the corresponding update for Ubuntu 20.04 LTS.

Original advisory details:

 It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping
 in policy rules. A local attacker could possibly use this issue to
 intercept certain D-Bus messages.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  xdg-dbus-proxy                  0.1.2-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

After a standard system update you need to restart your session to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8167-2
  https://ubuntu.com/security/notices/USN-8167-1
  CVE-2026-34080




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmoWDFYACgkQcpJm3tlz
hgGJDQ//QhBa2iI715N6C39f2iVOpuy9q+47UL/d2+zsEWMaRhvfWdQxmi+X/iW4
jFpy+/QHMPeAtNF/oXMwcBN3JHJylyASUfZDl0x6QTEqDNYf9DpSCiFJqC8rMsNT
J/soau9+fHdJOpvrHrP6iemqPIG6Y3qfwTKe7cSiwzuGEEARq1UqG8wp3K4JOZl4
PwttkN/fWUR0LRoSoRdw9WAHaIaPHZ/xMzPSEaM96Oky9V/ohCWyR9QyAzPa6STv
nrplolAsLjTsuFIazSqv6dxRZda3PtTK7vYZKKht9Z1HhO1BPR+yDepNfQsqUS3c
ipFN7ZbSXRUlj8AgWmkcxPLlS097v3jS5Rvj+lTP8p7V4nTG7iLoPdfUlQIC8hEA
Xkfez2/Jv+10X25xDEp5EAf5QNoImapVfm0tTpYl5DFqG2PXIA/DXerED9/lW/OK
EWeIlY0VYVmrw/bpn2LViHRnAT7M+CAjeIPYRKx5brMgViNrktnTEUB1xCwZeyph
KFEZomImvr4dawAH+IHp7qniUS2ruQIQCrDcWEVP9lIuBSjs4PVHRk8flb+Gs3Ed
toUf0v2bCFOmw30ad3Tpc5jkjR50LmqCi6ztt8NVmF2yNY0vyLmcNOcmy0adNmjF
YAdoQ9LJLxQ2pbTs+p2uii9HY+RJ75h+BgldGqS4820u53U0NLg=
=GmZF
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds