{"schema_version":"1.7.2","id":"OESA-2021-1101","modified":"2021-04-07T11:02:44Z","published":"2021-04-07T11:02:44Z","upstream":["CVE-2020-35512"],"summary":"dbus security update","details":"D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \u0026quot;single instance\u0026quot; application or daemon, and to launch applications and daemons on demand when their services are needed.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw was found in D-Bus Development branch \u0026lt;= 1.13.16, dbus-1.12.x stable branch \u0026lt;= 1.12.18, and dbus-1.10.x and older branches \u0026lt;= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors(CVE-2020-35512)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS","name":"dbus","purl":"pkg:rpm/openEuler/dbus\u0026distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.16-17.oe1"}]}],"ecosystem_specific":{"aarch64":["dbus-tools-1.12.16-16.oe1.aarch64.rpm","dbus-1.12.16-16.oe1.aarch64.rpm","dbus-devel-1.12.16-16.oe1.aarch64.rpm","dbus-daemon-1.12.16-16.oe1.aarch64.rpm","dbus-libs-1.12.16-16.oe1.aarch64.rpm","dbus-debuginfo-1.12.16-16.oe1.aarch64.rpm","dbus-debugsource-1.12.16-16.oe1.aarch64.rpm","dbus-x11-1.12.16-16.oe1.aarch64.rpm","dbus-daemon-1.12.16-17.oe1.aarch64.rpm","dbus-debugsource-1.12.16-17.oe1.aarch64.rpm","dbus-devel-1.12.16-17.oe1.aarch64.rpm","dbus-libs-1.12.16-17.oe1.aarch64.rpm","dbus-x11-1.12.16-17.oe1.aarch64.rpm","dbus-tools-1.12.16-17.oe1.aarch64.rpm","dbus-1.12.16-17.oe1.aarch64.rpm","dbus-debuginfo-1.12.16-17.oe1.aarch64.rpm"],"noarch":["dbus-help-1.12.16-16.oe1.noarch.rpm","dbus-common-1.12.16-16.oe1.noarch.rpm","dbus-common-1.12.16-17.oe1.noarch.rpm","dbus-help-1.12.16-17.oe1.noarch.rpm"],"src":["dbus-1.12.16-16.oe1.src.rpm","dbus-1.12.16-17.oe1.src.rpm"],"x86_64":["dbus-debuginfo-1.12.16-16.oe1.x86_64.rpm","dbus-devel-1.12.16-16.oe1.x86_64.rpm","dbus-x11-1.12.16-16.oe1.x86_64.rpm","dbus-1.12.16-16.oe1.x86_64.rpm","dbus-debugsource-1.12.16-16.oe1.x86_64.rpm","dbus-tools-1.12.16-16.oe1.x86_64.rpm","dbus-libs-1.12.16-16.oe1.x86_64.rpm","dbus-daemon-1.12.16-16.oe1.x86_64.rpm","dbus-daemon-1.12.16-17.oe1.x86_64.rpm","dbus-1.12.16-17.oe1.x86_64.rpm","dbus-tools-1.12.16-17.oe1.x86_64.rpm","dbus-devel-1.12.16-17.oe1.x86_64.rpm","dbus-x11-1.12.16-17.oe1.x86_64.rpm","dbus-debuginfo-1.12.16-17.oe1.x86_64.rpm","dbus-libs-1.12.16-17.oe1.x86_64.rpm","dbus-debugsource-1.12.16-17.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"dbus","purl":"pkg:rpm/openEuler/dbus\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.16-17.oe1"}]}],"ecosystem_specific":{"aarch64":["dbus-daemon-1.12.16-17.oe1.aarch64.rpm","dbus-debugsource-1.12.16-17.oe1.aarch64.rpm","dbus-devel-1.12.16-17.oe1.aarch64.rpm","dbus-libs-1.12.16-17.oe1.aarch64.rpm","dbus-x11-1.12.16-17.oe1.aarch64.rpm","dbus-tools-1.12.16-17.oe1.aarch64.rpm","dbus-1.12.16-17.oe1.aarch64.rpm","dbus-debuginfo-1.12.16-17.oe1.aarch64.rpm"],"noarch":["dbus-common-1.12.16-17.oe1.noarch.rpm","dbus-help-1.12.16-17.oe1.noarch.rpm"],"src":["dbus-1.12.16-17.oe1.src.rpm"],"x86_64":["dbus-daemon-1.12.16-17.oe1.x86_64.rpm","dbus-1.12.16-17.oe1.x86_64.rpm","dbus-tools-1.12.16-17.oe1.x86_64.rpm","dbus-devel-1.12.16-17.oe1.x86_64.rpm","dbus-x11-1.12.16-17.oe1.x86_64.rpm","dbus-debuginfo-1.12.16-17.oe1.x86_64.rpm","dbus-libs-1.12.16-17.oe1.x86_64.rpm","dbus-debugsource-1.12.16-17.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1101"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35512"}],"database_specific":{"severity":"High"}}