Ubuntu 22.10 USN-5704-1: Critical DBus Denial Of Service Advisory
Oct 27, 2022
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
Several security issues were fixed in DBus.
=========================================================================Ubuntu Security Notice USN-5704-1 October 27, 2022 dbus vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in DBus. Software Description: - dbus: simple interprocess messaging system Details: It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. (CVE-2022-42010) It was discovered that DBus was incorrectly validating the length of arrays of fixed-length items. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. (CVE-2022-42011) It was discovered that DBus incorrectly handled the body DBus message with attached file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. (CVE-2022-42012) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: dbus 1.14.0-2ubuntu3 libdbus-1-3 1.14.0-2ubuntu3 Ubuntu 22.04 LTS: dbus 1.12.20-2ubuntu4.1 libdbus-1-3 1.12.20-2ubuntu4.1 Ubuntu 20.04 LTS: dbus 1.12.16-2ubuntu2.3 libdbus-1-3 1.12.16-2ubuntu2.3 Ubuntu 18.04 LTS: dbus 1.12.2-1ubuntu1.4 libdbus-1-3 1.12.2-1ubuntu1.4 Ubuntu 16.04 ESM: dbus 1.10.6-1ubuntu3.6+esm2 libdbus-1-3 1.10.6-1ubuntu3.6+esm2 Ubuntu 14.04 ESM: dbus 1.6.18-0ubuntu4.5+esm3 libdbus-1-3 1.6.18-0ubuntu4.5+esm3 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5704-1 CVE-2022-42010, CVE-2022-42011, CVE-2022-42012 Package Information: https://launchpad.net/ubuntu/+source/dbus/1.14.0-2ubuntu3 https://launchpad.net/ubuntu/+source/dbus/1.12.20-2ubuntu4.1 https://launchpad.net/ubuntu/+source/dbus/1.12.16-2ubuntu2.3 https://launchpad.net/ubuntu/+source/dbus/1.12.2-1ubuntu1.4
PREVIOUS
NEXT
Ubuntu 22.10 USN-5704-1: Critical DBus Denial Of Service Advisory
ubuntu
October 27, 2022
Several security issues were fixed in DBus.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: dbus 1.14.0-2ubuntu3 libdbus-1-3 1.14.0-2ubuntu3 Ubuntu 22.04 LTS: dbus 1.12.20-2ubuntu4.1 libdbus-1-3 1.12.20-2ubuntu4.1 Ubuntu 20.04 LTS: dbus 1.12.16-2ubuntu2.3 libdbus-1-3 1.12.16-2ubuntu2.3 Ubuntu 18.04 LTS: dbus 1.12.2-1ubuntu1.4 libdbus-1-3 1.12.2-1ubuntu1.4 Ubuntu 16.04 ESM: dbus 1.10.6-1ubuntu3.6+esm2 libdbus-1-3 1.10.6-1ubuntu3.6+esm2 Ubuntu 14.04 ESM: dbus 1.6.18-0ubuntu4.5+esm3 libdbus-1-3 1.6.18-0ubuntu4.5+esm3 After a standard system update you need to reboot your computer to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-5704-1
CVE-2022-42010, CVE-2022-42011, CVE-2022-42012
Severity
critical
Lowest
Low
Medium
High
Critical
October 27, 2022
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/dbus/1.14.0-2ubuntu3 https://launchpad.net/ubuntu/+source/dbus/1.12.20-2ubuntu4.1 https://launchpad.net/ubuntu/+source/dbus/1.12.16-2ubuntu2.3 https://launchpad.net/ubuntu/+source/dbus/1.12.2-1ubuntu1.4
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!