Mageia 2022-0365: dbus security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up
MGASA-2022-0365 - Updated dbus packages fix security vulnerability

Publication date: 08 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0365.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-42010,
     CVE-2022-42011,
     CVE-2022-42012

A syntactically invalid type signature with incorrectly nested parentheses
and curly brackets would cause an assertion failure in debug builds.
Similar messages could potentially result in a crash or incorrect message
processing in a production build, although we are not aware of a practical
example. (CVE-2022-42010)

An invalid array of fixed-length elements where the length of the array is
not a multiple of the length of the element would cause an assertion
failure in debug builds or an out-of-bounds read in production builds.
(CVE-2022-42011)

A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption in production
builds, or an assertion failure in debug builds. (CVE-2022-42012)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30941
- https://www.openwall.com/lists/oss-security/2022/10/06/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012

SRPMS:
- 8/core/dbus-1.13.18-3.1.mga8

Mageia 2022-0365: dbus security update

A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds

Summary

A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical example. (CVE-2022-42010)
An invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element would cause an assertion failure in debug builds or an out-of-bounds read in production builds. (CVE-2022-42011)
A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption in production builds, or an assertion failure in debug builds. (CVE-2022-42012)

References

- https://bugs.mageia.org/show_bug.cgi?id=30941

- https://www.openwall.com/lists/oss-security/2022/10/06/1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012

Resolution

MGASA-2022-0365 - Updated dbus packages fix security vulnerability

SRPMS

- 8/core/dbus-1.13.18-3.1.mga8

Severity
Publication date: 08 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0365.html
Type: security
CVE: CVE-2022-42010, CVE-2022-42011, CVE-2022-42012

Related News

Proposed Linux Patch Would Allow Disabling CPU Security Mitigations At Build-Time

Linus Torvalds: Rust will go into Linux 6.1

Kali Linux team to stream free penetration testing course on Twitch

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy