RLSA-2023:0096

Описание

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):

• dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets (CVE-2022-42010)

• dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type (CVE-2022-42011)

• dbus: _dbus_marshal_byteswap doesn't process fds in messages with "foreign" endianness correctly (CVE-2022-42012)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.