Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Ubuntu Security Notice USN-4134-2: IBus Regression Detected and Addressed

ubuntu
Calendar Grey September 23, 2019
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-4135-1 highlights vulnerabilities related to the NetworkManager affecting Ubuntu 18.04 and newer systems.
USN 4134-1 introduced a regression in IBus.

Summary

USN 4134-1 introduced a regression in IBus.

Software Description:

- ibus: Intelligent Input Bus - core

Details:

USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a

regression when being used with Qt applications. This update reverts the

security fix pending further investigation.

Original advisory details:

Simon McVittie discovered that IBus did not enforce appropriate access

controls on its private D-Bus socket. A local unprivileged user who

discovers the IBus socket address of another user could exploit this to

capture the key strokes of the other user.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  ibus                            1.5.19-1ubuntu2.2

Ubuntu 18.04 LTS:
  ibus                            1.5.17-3ubuntu5.2

Ubuntu 16.04 LTS:
  ibus                            1.5.11-1ubuntu2.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4134-2

https://ubuntu.com/security/notices/USN-4134-1

https://bugs.launchpad.net/ubuntu/+source/ibus/+bug/1844853

Severity
critical
Lowest
Low
Medium
High
Critical

September 23, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.