[CLSA-2022:1669241224] Fix CVE(s): CVE-2022-42012, CVE-2022-42011, CVE-2022-42010, CVE-2020-35512
Type: security
Severity: Important
Release date: 2022-11-23 22:07:04 UTC
Description:
* SECURITY UPDATE: Use-after-free in access control-related hash tables
  - debian/patches/CVE-2020-35512.patch: use reference counting for DBusUserInfo and DBusGroupInfo structures.
  - CVE-2020-35512
* SECURITY UPDATE: Crash or incorrect parsing of a signature with wrongly nested '()' and '{}'
  - debian/patches/CVE-2022-42010.patch: add extra checking for brackets.
  - CVE-2022-42010
* SECURITY UPDATE: Out-of-bounds accesses during processing of arrays made up of an integer number of items
  - debian/patches/CVE-2022-42011.patch: validate length of arrays of fixed-length items.
  - CVE-2022-42011
* SECURITY UPDATE: Crash when message type and the pointer into its contents go out of sync
  - debian/patches/CVE-2022-42012.patch: byte-swap Unix fd indexes if needed.
  - CVE-2022-42012
Updated packages:
  • dbus_1.10.6-1ubuntu3.6+tuxcare.els1_amd64.deb
    sha:437523132711f68f6c5009dc821f5020bcca60ed
  • dbus-1-doc_1.10.6-1ubuntu3.6+tuxcare.els1_all.deb
    sha:283cfce996aa3ba8777b7672e4bbf6f32df65d3e
  • dbus-tests_1.10.6-1ubuntu3.6+tuxcare.els1_amd64.deb
    sha:ab835376b5e7b9445165965c7b7848d7ab6c88d7
  • dbus-user-session_1.10.6-1ubuntu3.6+tuxcare.els1_all.deb
    sha:6054362549ae7dd6e077028655103772fbecad54
  • dbus-x11_1.10.6-1ubuntu3.6+tuxcare.els1_amd64.deb
    sha:611dc5edc1e2c0a6a7859f4be56f186a28a9b8be
  • libdbus-1-3_1.10.6-1ubuntu3.6+tuxcare.els1_amd64.deb
    sha:09e5723b9fcff178715768ca2bc02ae2bef05b99
  • libdbus-1-dev_1.10.6-1ubuntu3.6+tuxcare.els1_amd64.deb
    sha:abeff74cdaa3e711b30b9856d7edd23a9a6c58cb
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.