{"schema_version":"1.7.2","id":"OESA-2022-2051","modified":"2022-11-11T11:04:31Z","published":"2022-11-11T11:04:31Z","upstream":["CVE-2022-42010","CVE-2022-42011","CVE-2022-42012"],"summary":"dbus security update","details":"\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.(CVE-2022-42010)\r\n\r\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.(CVE-2022-42011)\r\n\r\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.(CVE-2022-42012)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"dbus","purl":"pkg:rpm/openEuler/dbus\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.16-20.oe1"}]}],"ecosystem_specific":{"aarch64":["dbus-devel-1.12.16-20.oe1.aarch64.rpm","dbus-libs-1.12.16-20.oe1.aarch64.rpm","dbus-debugsource-1.12.16-20.oe1.aarch64.rpm","dbus-daemon-1.12.16-20.oe1.aarch64.rpm","dbus-tools-1.12.16-20.oe1.aarch64.rpm","dbus-x11-1.12.16-20.oe1.aarch64.rpm","dbus-debuginfo-1.12.16-20.oe1.aarch64.rpm","dbus-1.12.16-20.oe1.aarch64.rpm"],"noarch":["dbus-common-1.12.16-20.oe1.noarch.rpm","dbus-help-1.12.16-20.oe1.noarch.rpm"],"src":["dbus-1.12.16-20.oe1.src.rpm"],"x86_64":["dbus-libs-1.12.16-20.oe1.x86_64.rpm","dbus-1.12.16-20.oe1.x86_64.rpm","dbus-x11-1.12.16-20.oe1.x86_64.rpm","dbus-debugsource-1.12.16-20.oe1.x86_64.rpm","dbus-daemon-1.12.16-20.oe1.x86_64.rpm","dbus-devel-1.12.16-20.oe1.x86_64.rpm","dbus-debuginfo-1.12.16-20.oe1.x86_64.rpm","dbus-tools-1.12.16-20.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2051"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42010"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42011"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42012"}],"database_specific":{"severity":"Medium"}}