Amazon Linux 1 Security Advisory: ALAS-2023-1730
Advisory Release Date: 2023-04-13 19:01 Pacific
Advisory Updated Date: 2023-04-20 20:01 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. (CVE-2022-42010)
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. (CVE-2022-42011)
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. (CVE-2022-42012)
Affected Packages:
dbus
Issue Correction:
Run yum update dbus to update your system.
i686:
dbus-1.6.12-14.31.amzn1.i686
dbus-devel-1.6.12-14.31.amzn1.i686
dbus-libs-1.6.12-14.31.amzn1.i686
dbus-debuginfo-1.6.12-14.31.amzn1.i686
noarch:
dbus-doc-1.6.12-14.31.amzn1.noarch
src:
dbus-1.6.12-14.31.amzn1.src
x86_64:
dbus-1.6.12-14.31.amzn1.x86_64
dbus-libs-1.6.12-14.31.amzn1.x86_64
dbus-devel-1.6.12-14.31.amzn1.x86_64
dbus-debuginfo-1.6.12-14.31.amzn1.x86_64