Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2023:4498

Опубликовано: 24 авг. 2023
Источник: rocky
Оценка: Moderate

Описание

Moderate: dbus security update

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):

  • dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered (CVE-2023-34969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
dbusx86_6424.el8_8.1dbus-1.12.8-24.el8_8.1.x86_64.rpm
dbus-commonnoarch24.el8_8.1dbus-common-1.12.8-24.el8_8.1.noarch.rpm
dbus-daemonx86_6424.el8_8.1dbus-daemon-1.12.8-24.el8_8.1.x86_64.rpm
dbus-libsx86_6424.el8_8.1dbus-libs-1.12.8-24.el8_8.1.x86_64.rpm
dbus-toolsx86_6424.el8_8.1dbus-tools-1.12.8-24.el8_8.1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2023-34969

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2023-34969

CVSS3: 6.5
ubuntu
около 2 лет назад

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.

redhat логотип

CVE-2023-34969

CVSS3: 6.2
redhat
около 2 лет назад

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.

nvd логотип

CVE-2023-34969

CVSS3: 6.5
nvd
около 2 лет назад

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.

msrc логотип

CVE-2023-34969

CVSS3: 6.5
msrc
около 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-34969

CVSS3: 6.5
debian
около 2 лет назад

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus- ...