Bug 24944 - dbus new security issue CVE-2019-12749
Summary: dbus new security issue CVE-2019-12749
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal
Severity: critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-32-OK, MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-06-12 02:56 CEST by David Walser
Modified: 2019-11-30 14:07 CET

See Also:
Source RPM: dbus-1.13.8-4.mga7.src.rpm
CVE:
Status comment:



Description David Walser 2019-06-12 02:56:14 CEST
A security issue fixed upstream in DBus has been announced today (June 11):
https://www.openwall.com/lists/oss-security/2019/06/11/2

The issue is fixed in 1.13.12.

Mageia 6 is also affected.

It sounds like older versions of Ubuntu are more exposed to this vulnerability than other distros; I'm not sure exactly what our level of exposure is.

David Walser 2019-06-12 02:56:22 CEST

Whiteboard: (none) => MGA7TOO, MGA6TOO

Comment 1 David Walser 2019-08-11 22:24:13 CEST
Ubuntu and Debian have issued advisories for this on June 11 and June 13:
https://usn.ubuntu.com/4015-1/
https://www.debian.org/security/2019/dsa-4462

Comment 2 David Walser 2019-11-12 20:41:51 CET
Red Hat has issued an advisory for this on November 5:
https://access.redhat.com/errata/RHSA-2019:3707

Severity: normal => critical

Comment 3 David Walser 2019-11-25 23:19:40 CET
openSUSE has issued advisories for this on June 24 and July 1:
https://lists.opensuse.org/opensuse-updates/2019-06/msg00123.html
https://lists.opensuse.org/opensuse-updates/2019-06/msg00196.html

Comment 4 Thomas Backlund 2019-11-26 09:28:08 CET
SRPM:
dbus-1.13.8-4.1.mga7.src.rpm

i586:
dbus-1.13.8-4.1.mga7.i586.rpm
dbus-doc-1.13.8-4.1.mga7.noarch.rpm
dbus-x11-1.13.8-4.1.mga7.i586.rpm
libdbus1_3-1.13.8-4.1.mga7.i586.rpm
libdbus-devel-1.13.8-4.1.mga7.i586.rpm

x86_64:
dbus-1.13.8-4.1.mga7.x86_64.rpm
dbus-doc-1.13.8-4.1.mga7.noarch.rpm
dbus-x11-1.13.8-4.1.mga7.x86_64.rpm
lib64dbus1_3-1.13.8-4.1.mga7.x86_64.rpm
lib64dbus-devel-1.13.8-4.1.mga7.x86_64.rpm

Whiteboard: MGA7TOO, MGA6TOO => (none)
Version: Cauldron => 7
Assignee: tmb => qa-bugs

Comment 5 José Jorge 2019-11-29 09:24:55 CET
Installed on a 32-bit system. Had to accept glibc-2.29-19 update to get it.
All seems ok.

CC: (none) => lists.jjorge

José Jorge 2019-11-29 09:25:10 CET

Whiteboard: (none) => MGA7-32-OK

Comment 6 Thomas Andrews 2019-11-29 22:11:50 CET
Installed on a 64-bit Plasma system. The glibc update had already been installed.
After the reboot, all looks good.

Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: MGA7-32-OK => MGA7-32-OK, MGA7-64-OK

Thomas Backlund 2019-11-30 11:12:14 CET

CC: (none) => tmb
Keywords: (none) => advisory

Comment 7 Mageia Robot 2019-11-30 14:07:37 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0339.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

