Release date:
2022-11-23 22:07:04 UTC
Description:
* SECURITY UPDATE: Use-after-free in access control-related hash tables
- debian/patches/CVE-2020-35512.patch: use reference counting for
DBusUserInfo and DBusGroupInfo structures.
- CVE-2020-35512
* SECURITY UPDATE: Crash or incorrect parsing a signature with wrongly
nested '()' and '{}'
- debian/patches/CVE-2022-42010.patch: add extra checking for brackets.
- CVE-2022-42010
* SECURITY UPDATE: Out-of-bounds accesses during processing of arrays
made up of an integer number of items
- debian/patches/CVE-2022-42011.patch: validate length of arrays of
fixed-length items.
- CVE-2022-42011
* SECURITY UPDATE: Crash when message type and the pointer into its
contents goes out of sync
- debian/patches/CVE-2022-42012.patch: byte-swap Unix fd indexes
if needed.
- CVE-2022-42012
Updated packages:
-
dbus_1.10.6-1ubuntu3.6+tuxcare.els1_amd64.deb
sha:437523132711f68f6c5009dc821f5020bcca60ed
-
dbus-1-doc_1.10.6-1ubuntu3.6+tuxcare.els1_all.deb
sha:283cfce996aa3ba8777b7672e4bbf6f32df65d3e
-
dbus-tests_1.10.6-1ubuntu3.6+tuxcare.els1_amd64.deb
sha:ab835376b5e7b9445165965c7b7848d7ab6c88d7
-
dbus-user-session_1.10.6-1ubuntu3.6+tuxcare.els1_all.deb
sha:6054362549ae7dd6e077028655103772fbecad54
-
dbus-x11_1.10.6-1ubuntu3.6+tuxcare.els1_amd64.deb
sha:611dc5edc1e2c0a6a7859f4be56f186a28a9b8be
-
libdbus-1-3_1.10.6-1ubuntu3.6+tuxcare.els1_amd64.deb
sha:09e5723b9fcff178715768ca2bc02ae2bef05b99
-
libdbus-1-dev_1.10.6-1ubuntu3.6+tuxcare.els1_amd64.deb
sha:abeff74cdaa3e711b30b9856d7edd23a9a6c58cb
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.