| Summary: | ibus new security issue CVE-2019-14822 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, herman.viaene, sysadmin-bugs, tarazed25 |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6TOO MGA6-64-OK MGA7-64-OK | ||
| Source RPM: | ibus-1.5.21-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2019-09-13 12:41:43 CEST
David Walser
2019-09-13 12:41:51 CEST
Whiteboard:
(none) =>
MGA7TOO, MGA6TOO

Done for Cauldron, mga7 and mga6!

CC:
(none) =>
geiger.david68210

I hope base system is the most appropriate assignee for this. Otherwise it would be for anybody (pkg-bugs).

Assignee:
bugsquad =>
basesystem

Advisory:
========================

Updated ibus packages fix security vulnerability:

It was discovered that any unprivileged user could monitor and send method calls to the ibus bus of another user, due to a misconfiguration during the setup of the DBus server. When ibus is in use, a local attacker, who discovers the UNIX socket used by another user connected on a graphical environment, could use this flaw to intercept all keystrokes of the victim user or modify input related configurations through DBus method calls (CVE-2019-14822).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14822
https://www.openwall.com/lists/oss-security/2019/09/13/1
========================

Updated packages in core/updates_testing:
========================
ibus-1.5.16-3.1.mga6
libibus1.0_5-1.5.16-3.1.mga6
libibus-gir1.0-1.5.16-3.1.mga6
ibus-devel-1.5.16-3.1.mga6
ibus-ui-gtk3-1.5.16-3.1.mga6
ibus-gtk-1.5.16-3.1.mga6
ibus-gtk3-1.5.16-3.1.mga6
ibus-1.5.20-1.1.mga7
libibus1.0_5-1.5.20-1.1.mga7
libibus-gir1.0-1.5.20-1.1.mga7
ibus-devel-1.5.20-1.1.mga7
ibus-ui-gtk3-1.5.20-1.1.mga7
ibus-gtk-1.5.20-1.1.mga7
ibus-gtk3-1.5.20-1.1.mga7

from SRPMS:
ibus-1.5.16-3.1.mga6.src.rpm
ibus-1.5.20-1.1.mga7.src.rpm

Version:
Cauldron =>
7

MGA6-64 Plasma on Lenovo B50
No installation issues.
Bug 16317 tells me that this package has to do with Chinese characters and impacted Firefox at that time. I can't see any bad effects on Firefox with the new version, but a test by someone who actually uses Chinese characters would be nice to OK this update.

CC:
(none) =>
herman.viaene

mga7, x86_64

Wikipedia has: "an input method (IM) framework for multilingual input in Unix-like operating-systems"

Checked the list of RPMs and installed anything missing. All updated cleanly.

$ rpm -qa | grep ibus
ibus-ui-gtk3-1.5.20-1.1.mga7
ibus-devel-1.5.20-1.1.mga7
ibus-gtk3-1.5.20-1.1.mga7
lib64ibus1.0_5-1.5.20-1.1.mga7
lib64ibus-gir1.0-1.5.20-1.1.mga7
ibus-gtk-1.5.20-1.1.mga7
ibus-1.5.20-1.1.mga

I agree with Herman that tests of Firefox with other languages, not necessarily Chinese, after the update, would provide some reassurance. Office productivity suites like LibreOffice as well maybe?
Giving this a tentative OK for 64bits.

Whiteboard:
MGA6TOO =>
MGA6TOO MGA7-64-OK

mga6, x86_64

All seven base packages already installed. They all updated cleanly.
Following comments 4 and 5 this is about all we can do.
Len Lawrence
2019-09-17 21:18:26 CEST
Whiteboard:
MGA6TOO MGA7-64-OK =>
MGA6TOO MGA6-64-OK MGA7-64-OK

Validating. Advisory in Comment 3.

Keywords:
(none) =>
validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0284.html

Status:
NEW =>
RESOLVED |