ALAS2-2023-2006

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. (CVE-2022-42010)

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. (CVE-2022-42011)

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. (CVE-2022-42012)

aarch64:
    dbus-1.10.24-7.amzn2.0.3.aarch64
    dbus-libs-1.10.24-7.amzn2.0.3.aarch64
    dbus-devel-1.10.24-7.amzn2.0.3.aarch64
    dbus-tests-1.10.24-7.amzn2.0.3.aarch64
    dbus-x11-1.10.24-7.amzn2.0.3.aarch64
    dbus-debuginfo-1.10.24-7.amzn2.0.3.aarch64

i686:
    dbus-1.10.24-7.amzn2.0.3.i686
    dbus-libs-1.10.24-7.amzn2.0.3.i686
    dbus-devel-1.10.24-7.amzn2.0.3.i686
    dbus-tests-1.10.24-7.amzn2.0.3.i686
    dbus-x11-1.10.24-7.amzn2.0.3.i686
    dbus-debuginfo-1.10.24-7.amzn2.0.3.i686

noarch:
    dbus-doc-1.10.24-7.amzn2.0.3.noarch

src:
    dbus-1.10.24-7.amzn2.0.3.src

x86_64:
    dbus-1.10.24-7.amzn2.0.3.x86_64
    dbus-libs-1.10.24-7.amzn2.0.3.x86_64
    dbus-devel-1.10.24-7.amzn2.0.3.x86_64
    dbus-tests-1.10.24-7.amzn2.0.3.x86_64
    dbus-x11-1.10.24-7.amzn2.0.3.x86_64
    dbus-debuginfo-1.10.24-7.amzn2.0.3.x86_64