This bug was fixed in the package dbus - 1.10.6-1ubuntu3.4
---------------
dbus (1.10.6-1ubuntu3.4) xenial-security; urgency=medium
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
-- Marc Deslauriers <[email protected]> Mon, 10 Jun 2019
14:06:01 -0400
** Changed in: dbus (Ubuntu Xenial)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12749
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644323
Title:
Installing unity8-session-snap adversely effects unity7
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1644323/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
