You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa ibus

Sigurnosni nedostatak programskog paketa ibus

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4134-2
September 23, 2019

ibus regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

USN 4134-1 introduced a regression in IBus.

Software Description:
– ibus: Intelligent Input Bus – core

Details:

USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a
regression when being used with Qt applications. This update reverts the
security fix pending further investigation.

Original advisory details:

Simon McVittie discovered that IBus did not enforce appropriate access
controls on its private D-Bus socket. A local unprivileged user who
discovers the IBus socket address of another user could exploit this to
capture the key strokes of the other user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
ibus 1.5.19-1ubuntu2.2

Ubuntu 18.04 LTS:
ibus 1.5.17-3ubuntu5.2

Ubuntu 16.04 LTS:
ibus 1.5.11-1ubuntu2.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4134-2
https://usn.ubuntu.com/4134-1
https://launchpad.net/bugs/1844853

Package Information:
https://launchpad.net/ubuntu/+source/ibus/1.5.19-1ubuntu2.2
https://launchpad.net/ubuntu/+source/ibus/1.5.17-3ubuntu5.2
https://launchpad.net/ubuntu/+source/ibus/1.5.11-1ubuntu2.3

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl2I4i0ACgkQZWnYVadE
vpO1tA//STdSVyOIdvcJfwZpY9EtDLKjQOZu/BJrAebOr/rt7Cbt9/JPdvoECr3A
pTtmi4gf+AmxS1UUyP2MZJEbIP6g3caSApgr5vPI9Fi2JuGYG9UXKZ9XkoOqpM/E
f+v98+frxEzbx7CmBFBxF25UgP7HDYmwo4qXm3HPe9HBJEaJP6Sd+5o35Zho2sPB
nWrZRL/r+E3MzNq1s8rI+Z5h54+Tx6atmtZTDO0oXejlHviVC0n1VBCljURM8b9d
wNdLSK5cgdTNlc1v/jeiFHWl55obq/WCQpXbeacdLvZl2D7s3ToNL9IAxnw2huj8
ggu0Dpo2qNInDy2r4PwbnwxIOEII6vrBzY3frlzFnOHezUAMXTTm8O6vTpT49n05
tyucUCsY8jlwtnSYaMQcAzPN23Hvci6CbMhkIH9uKL2z1Qr35DSXWfONGsdZhz28
DlIUcnCMDXmCiK0bhe9HX0XPeXb57J1pimsBrFouKmEBawCxgUWiCUzk8h7BMpov
OfXwzrfhzPSShi2TdDUgo0t1mUo4eT4XdigtN01+ADetZs/omEeR1z+pXKb8JeUS
4ieKsgCQ3hwwJt+ILm0FXpFEqBUSbMSey3hXkC6gRuOHdLxPeirgSdJUZ0SAGghV
/wI2DU+tNUh0vYDLQXfw5m6z0JXXmFHRD6jsTZK3wYi1WL8xndQ=
=OHVE
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2019-09-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa dbus

Otkriven je sigurnosni nedostatak u programskom paketu dbus za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja....

Close