Vulnerability CVE-2023-34969: Information
Description
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| dbus | sisyphus | 1.14.8-alt1 | 1.14.10-alt1 | ALT-PU-2023-4139-1 | 324298 | Fixed |
| dbus | sisyphus_e2k | 1.14.8-alt1 | 1.14.10-alt1 | ALT-PU-2023-4193-1 | - | Fixed |
| dbus | sisyphus_riscv64 | 1.14.8-alt1 | 1.14.10-alt1 | ALT-PU-2023-4217-1 | - | Fixed |
| dbus | p10 | 1.14.8-alt1 | 1.14.10-alt1 | ALT-PU-2023-4115-2 | 324300 | Fixed |
| dbus | p10_e2k | 1.14.8-alt1 | 1.14.10-alt1 | ALT-PU-2023-5089-1 | - | Fixed |
| dbus | c10f1 | 1.14.8-alt1 | 1.14.8-alt1 | ALT-PU-2024-3680-2 | 340648 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 |
|
| [debian-lts-announce] 20231023 [SECURITY] [DLA 3628-1] dbus security update |
|
| FEDORA-2023-d22162d9ba |
|
| https://security.netapp.com/advisory/ntap-20231208-0007/ |