Sicherheit: Mangelnde Rechteprüfung in DBus

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1987538930602846894==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="RcxkMKrU7wEOvQ3JEFXyY9GI9ots2TmiL"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--RcxkMKrU7wEOvQ3JEFXyY9GI9ots2TmiL
Content-Type: multipart/mixed;
boundary="MLq8PxzVHbPdcxj2i6a88FTbPElwRmVLI";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <acbe1f0c-ebd1-54ae-8ccc-5aea0895f13a@canonical.com>
Subject: [USN-4015-1] DBus vulnerability

--MLq8PxzVHbPdcxj2i6a88FTbPElwRmVLI
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4015-1
June 11, 2019

dbus vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

DBus could allow unintended access to services.

Software Description:
- dbus: simple interprocess messaging system

Details:

Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1
authentication. A local attacker could possibly use this issue to bypass
authentication and connect to DBus servers with elevated privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
dbus 1.12.12-1ubuntu1.1
libdbus-1-3 1.12.12-1ubuntu1.1

Ubuntu 18.10:
dbus 1.12.10-1ubuntu2.1
libdbus-1-3 1.12.10-1ubuntu2.1

Ubuntu 18.04 LTS:
dbus 1.12.2-1ubuntu1.1
libdbus-1-3 1.12.2-1ubuntu1.1

Ubuntu 16.04 LTS:
dbus 1.10.6-1ubuntu3.4
libdbus-1-3 1.10.6-1ubuntu3.4

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4015-1
CVE-2019-12749

Package Information:
https://launchpad.net/ubuntu/+source/dbus/1.12.12-1ubuntu1.1
https://launchpad.net/ubuntu/+source/dbus/1.12.10-1ubuntu2.1
https://launchpad.net/ubuntu/+source/dbus/1.12.2-1ubuntu1.1
https://launchpad.net/ubuntu/+source/dbus/1.10.6-1ubuntu3.4

--MLq8PxzVHbPdcxj2i6a88FTbPElwRmVLI--

--RcxkMKrU7wEOvQ3JEFXyY9GI9ots2TmiL
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlz/5BQACgkQZWnYVadE
vpNa+g//eMHp8sPmWde2YMfXcsrNdMU5FjtK7c8gDAaSbZ1gaSF/8T3YLrdvA/xT
2SkOswVhskr+qQf4xxBaglz5yvCETYhHHwibFTh5DksJxTCUC1mdcA4vzCOVAkgg
16Ki9PeKVJN7fwh598q729AYs27QRMNKAOSjjCuc7kBMTvSLMnu4Bf1g1RDsErkd
pS8t9qkVJamyzxtvvSAJrpLWJT+bZPheVAsRnsmggBeqqqKmDZ9TceaHXm2Qd6ob
ZMWc9VJBQNmtIEDXMIDqKmftCCPZZTSFr1AxT+aNmAR/txg9LYaT/zEzaxG5PSOQ
q7MYc3SHdXAko+0YMUmeF0lOX/x/OU6PfMUz0hYQgAL7KubTk2cHDVtWdHtIk1t8
5x6lOyhs2vMVTf5mBM+/r/1QBS98CcAS7NO0pm6gUoCQWisdNKkMBjx4qxzHMDnP
43esN4tTWZc36xZRGV4CLL2bW/ATtjBh08XcEJNhHqMpwQG2O0Ekc9xHnpORGS8K
cdwVmoGJYfAe/nMQQI/MaUVm64Ohi3pdsbtWY4f1hjZ0yzPpD8RATgMbabR00w8I
zJB1uAJP3/MeoSfmK0c2IQERx7W0UvyXqN3r4iznuW7IWXjyZlThHLDmMxDhnRFu
YJMUWyvm59AUzDZHDUerBnOYFjsPgx0Xm6XDZNOQIcv19QO0Qtg=
=Kl1M
-----END PGP SIGNATURE-----

--RcxkMKrU7wEOvQ3JEFXyY9GI9ots2TmiL--

--===============1987538930602846894==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============1987538930602846894==--