6d7cdd7f8b
https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12.16/NEWS

It's short and explains the CVE a bit, including below:

> CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
> authentication for identities that differ from the user running the
> DBusServer. Previously, a local attacker could manipulate symbolic
> links in their own home directory to bypass authentication and connect
> to a DBusServer with elevated privileges. The standard system and
> session dbus-daemons in their default configuration were immune to this
> attack because they did not allow DBUS_COOKIE_SHA1, but third-party
> users of DBusServer such as Upstart could be vulnerable. Thanks to Joe
> Vennix of Apple Information Security. (dbus#269, Simon McVittie)

||
---|---|---|
.. | ||
androidndk-pkgs | ||
arduino | ||
beam-modules | ||
bower-modules/generic | ||
compilers | ||
coq-modules | ||
dhall-modules | ||
dotnet-modules/patches | ||
em-modules/generic | ||
go-modules | ||
go-packages | ||
guile-modules | ||
haskell-modules | ||
idris-modules | ||
interpreters | ||
java-modules | ||
libraries | ||
lisp-modules | ||
lua-modules | ||
misc | ||
mobile | ||
node-packages | ||
ocaml-modules | ||
perl-modules | ||
pharo | ||
pure-modules | ||
python-modules | ||
r-modules | ||
ruby-modules | ||
tools | ||
web |