Ubuntu alert USN-4015-1 (dbus)
| From: | Marc Deslauriers <marc.deslauriers@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-4015-1] DBus vulnerability | |
| Date: | Tue, 11 Jun 2019 13:25:40 -0400 | |
| Message-ID: | <acbe1f0c-ebd1-54ae-8ccc-5aea0895f13a@canonical.com> |
========================================================================== Ubuntu Security Notice USN-4015-1 June 11, 2019 dbus vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: DBus could allow unintended access to services. Software Description: - dbus: simple interprocess messaging system Details: Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: dbus 1.12.12-1ubuntu1.1 libdbus-1-3 1.12.12-1ubuntu1.1 Ubuntu 18.10: dbus 1.12.10-1ubuntu2.1 libdbus-1-3 1.12.10-1ubuntu2.1 Ubuntu 18.04 LTS: dbus 1.12.2-1ubuntu1.1 libdbus-1-3 1.12.2-1ubuntu1.1 Ubuntu 16.04 LTS: dbus 1.10.6-1ubuntu3.4 libdbus-1-3 1.10.6-1ubuntu3.4 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://usn.ubuntu.com/4015-1 CVE-2019-12749 Package Information: https://launchpad.net/ubuntu/+source/dbus/1.12.12-1ubuntu1.1 https://launchpad.net/ubuntu/+source/dbus/1.12.10-1ubuntu2.1 https://launchpad.net/ubuntu/+source/dbus/1.12.2-1ubuntu1.1 https://launchpad.net/ubuntu/+source/dbus/1.10.6-1ubuntu3.4 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...