An update for dbus is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1101
Final
1.0
1.0
2021-04-07
Initial
2021-04-07
2021-04-07
openEuler SA Tool V1.0
2021-04-07
dbus security update
An update for dbus is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.
D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a "single instance" application or daemon, and to launch applications and daemons on demand when their services are needed.
Security Fix(es):
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors (CVE-2020-35512).
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
dbus
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1101
https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-35512
https://nvd.nist.gov/vuln/detail/CVE-2020-35512
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
dbus-tools-1.12.16-16.oe1.aarch64.rpm
dbus-1.12.16-16.oe1.aarch64.rpm
dbus-devel-1.12.16-16.oe1.aarch64.rpm
dbus-daemon-1.12.16-16.oe1.aarch64.rpm
dbus-libs-1.12.16-16.oe1.aarch64.rpm
dbus-debuginfo-1.12.16-16.oe1.aarch64.rpm
dbus-debugsource-1.12.16-16.oe1.aarch64.rpm
dbus-x11-1.12.16-16.oe1.aarch64.rpm
dbus-daemon-1.12.16-17.oe1.aarch64.rpm
dbus-debugsource-1.12.16-17.oe1.aarch64.rpm
dbus-devel-1.12.16-17.oe1.aarch64.rpm
dbus-libs-1.12.16-17.oe1.aarch64.rpm
dbus-x11-1.12.16-17.oe1.aarch64.rpm
dbus-tools-1.12.16-17.oe1.aarch64.rpm
dbus-1.12.16-17.oe1.aarch64.rpm
dbus-debuginfo-1.12.16-17.oe1.aarch64.rpm
dbus-help-1.12.16-16.oe1.noarch.rpm
dbus-common-1.12.16-16.oe1.noarch.rpm
dbus-common-1.12.16-17.oe1.noarch.rpm
dbus-help-1.12.16-17.oe1.noarch.rpm
dbus-1.12.16-16.oe1.src.rpm
dbus-1.12.16-17.oe1.src.rpm
dbus-debuginfo-1.12.16-16.oe1.x86_64.rpm
dbus-devel-1.12.16-16.oe1.x86_64.rpm
dbus-x11-1.12.16-16.oe1.x86_64.rpm
dbus-1.12.16-16.oe1.x86_64.rpm
dbus-debugsource-1.12.16-16.oe1.x86_64.rpm
dbus-tools-1.12.16-16.oe1.x86_64.rpm
dbus-libs-1.12.16-16.oe1.x86_64.rpm
dbus-daemon-1.12.16-16.oe1.x86_64.rpm
dbus-daemon-1.12.16-17.oe1.x86_64.rpm
dbus-1.12.16-17.oe1.x86_64.rpm
dbus-tools-1.12.16-17.oe1.x86_64.rpm
dbus-devel-1.12.16-17.oe1.x86_64.rpm
dbus-x11-1.12.16-17.oe1.x86_64.rpm
dbus-debuginfo-1.12.16-17.oe1.x86_64.rpm
dbus-libs-1.12.16-17.oe1.x86_64.rpm
dbus-debugsource-1.12.16-17.oe1.x86_64.rpm
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.
2021-04-07
CVE-2020-35512
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
High
7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
dbus security update
2021-04-07
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1101