You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa dbus

Sigurnosni nedostatak programskog paketa dbus

by - 0
  • Detalji os-a: WN7
  • Važnost: URG
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4015-2
June 12, 2019

dbus vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

DBus could allow unintended access to services.

Software Description:
– dbus: simple interprocess messaging system

Details:

USN-4015-1 fixed a vulnerability in DBus. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1
authentication. A local attacker could possibly use this issue to bypass
authentication and connect to DBus servers with elevated privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
dbus 1.6.18-0ubuntu4.5+esm1
libdbus-1-3 1.6.18-0ubuntu4.5+esm1

Ubuntu 12.04 ESM:
dbus 1.4.18-1ubuntu1.9
libdbus-1-3 1.4.18-1ubuntu1.9

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4015-2
https://usn.ubuntu.com/4015-1
CVE-2019-12749
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdARp8AAoJEEW851uECx9pdX0P/37unOP7OPGMWgUSlmULAyyy
7VPApwOKS6pDCBfRgk7wHgrMun50k1dCSNUtA/nXcfVTJR1CwX87sdIe+1L++52u
yPTCe5eVGWPc0ETyRSLdRI02kU80VOknBL9h12Wk8iKX54nqGO440XvkaJMeZEuz
y4hAnUPdGdQp/EtDq/0H5fDaijRisIyRAScLJf8Mpoxv6xirF4i7WjFrR3bSk4/q
CAokUQclWNydKVF1siUssqV9et7uMVqWzInadwxvPfj1UR0HKlyDVzIBcjF5b0B4
Tb5/GuZJG33EQzSpBqHmkaCT6elmKYivShJpaNxism6ErFp4JcZ01D468PyQo/mk
rmuWVWCaLzZ5Ho4wt7c2C5I5sIxMzT6z9i44zWsqkqTV5K9+pEoVxbfOZZf2MACr
Wd87FrYu4X+5wmeVxvexC9sQz7D0z4uSH8WHqmHHDEsZbB1O1dQ2DH6Ig4q+ocx8
izl2kf77E1OrJt6p5RNgtZDfgGY9FBB+Jmb2nn0xIpEIa2PWswZA5Qa8xQl6B7H0
1bFo6FKjE/NZI4C0uELlIbkiJFJkdzzlOIaydpz2UWzk8zMy+qMbsrwJEpM0OUyh
k/xQYmD3ChPPvHVlwVmSXyOs4EQVYQgB85ujZh3RFdiSokD3/s5nEkJb0/VVN7HT
AC8Ariema8BdzsJWQkSH
=s2mG
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2019-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Ranjivost Cisco IOS XE softvera

Otkrivena je ranjivost korisničkog web sučelja kod Cisco IOS XE softvera uzrokovana nedovoljnom CSRF zaštitom. Ranjivost bi potencijalni napadač mogao...

Close