Debian Security Advisory
DLA-2235-1 dbus -- LTS security update
- Date Reported:
- 05 Jun 2020
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-12049.
- More information:
It was discovered that there was a file descriptor leak in the D-Bus message bus.
An unprivileged local attacker could use this to attack the system DBus daemon, leading to denial of service for all users of the machine.
File descriptor leak in _dbus_read_socket_with_unix_fds
For Debian 8
Jessie, these problems have been fixed in version 1.8.22-0+deb8u3.
We recommend that you upgrade your dbus packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS