ALAS2023-2023-100

Amazon Linux 2023 Security Advisory: ALAS-2023-100
Advisory Release Date: 2023-02-17 20:48 Pacific
Advisory Updated Date: 2023-02-22 23:26 Pacific
Severity: Medium
Issue Overview:

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. (CVE-2022-42010)

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. (CVE-2022-42011)

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. (CVE-2022-42012)


Affected Packages:

dbus


Issue Correction:
Run dnf update dbus --releasever=2023.0.20230222 to update your system.

New Packages:
aarch64:
    dbus-libs-debuginfo-1.12.24-1.amzn2023.0.2.aarch64
    dbus-tools-debuginfo-1.12.24-1.amzn2023.0.2.aarch64
    dbus-x11-debuginfo-1.12.24-1.amzn2023.0.2.aarch64
    dbus-x11-1.12.24-1.amzn2023.0.2.aarch64
    dbus-daemon-debuginfo-1.12.24-1.amzn2023.0.2.aarch64
    dbus-daemon-1.12.24-1.amzn2023.0.2.aarch64
    dbus-tests-debuginfo-1.12.24-1.amzn2023.0.2.aarch64
    dbus-debugsource-1.12.24-1.amzn2023.0.2.aarch64
    dbus-libs-1.12.24-1.amzn2023.0.2.aarch64
    dbus-tests-1.12.24-1.amzn2023.0.2.aarch64
    dbus-tools-1.12.24-1.amzn2023.0.2.aarch64
    dbus-debuginfo-1.12.24-1.amzn2023.0.2.aarch64
    dbus-1.12.24-1.amzn2023.0.2.aarch64
    dbus-devel-1.12.24-1.amzn2023.0.2.aarch64

noarch:
    dbus-common-1.12.24-1.amzn2023.0.2.noarch
    dbus-doc-1.12.24-1.amzn2023.0.2.noarch

src:
    dbus-1.12.24-1.amzn2023.0.2.src

x86_64:
    dbus-daemon-debuginfo-1.12.24-1.amzn2023.0.2.x86_64
    dbus-libs-debuginfo-1.12.24-1.amzn2023.0.2.x86_64
    dbus-tools-debuginfo-1.12.24-1.amzn2023.0.2.x86_64
    dbus-libs-1.12.24-1.amzn2023.0.2.x86_64
    dbus-x11-1.12.24-1.amzn2023.0.2.x86_64
    dbus-debugsource-1.12.24-1.amzn2023.0.2.x86_64
    dbus-1.12.24-1.amzn2023.0.2.x86_64
    dbus-tests-debuginfo-1.12.24-1.amzn2023.0.2.x86_64
    dbus-x11-debuginfo-1.12.24-1.amzn2023.0.2.x86_64
    dbus-tools-1.12.24-1.amzn2023.0.2.x86_64
    dbus-debuginfo-1.12.24-1.amzn2023.0.2.x86_64
    dbus-devel-1.12.24-1.amzn2023.0.2.x86_64
    dbus-daemon-1.12.24-1.amzn2023.0.2.x86_64
    dbus-tests-1.12.24-1.amzn2023.0.2.x86_64

Additional References

Red Hat: CVE-2022-42010, CVE-2022-42011, CVE-2022-42012

Mitre: CVE-2022-42010, CVE-2022-42011, CVE-2022-42012