dbus - Arch Linux
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1573 | 1.12.18-1 | 1.12.20-1 | Medium | Fixed | |
| AVG-1183 | 1.12.16-5 | 1.12.18-1 | Low | Fixed | |
| AVG-974 | 1.12.14-1 | 1.12.16-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-35512 | AVG-1573 | Medium | No | Arbitrary code execution | A use-after-free flaw was found in D-Bus before version 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules... |
| CVE-2020-12049 | AVG-1183 | Low | No | Denial of service | An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds... |
| CVE-2019-12749 | AVG-974 | High | No | Access restriction bypass | It has been discovered that dbus before 1.12.16 allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 13 Jun 2020 | ASA-202006-9 | AVG-1183 | Low | denial of service |
| 18 Jun 2019 | ASA-201906-16 | AVG-974 | High | access restriction bypass |