MGASA-2022-0365

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0365.html

Import Source

https://advisories.mageia.org/MGASA-2022-0365.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2022-0365

Related

Published

2022-10-08T20:22:22Z

Modified

2022-10-08T19:30:36Z

Summary

Updated dbus packages fix security vulnerability

Details

A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical example. (CVE-2022-42010)

An invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element would cause an assertion failure in debug builds or an out-of-bounds read in production builds. (CVE-2022-42011)

A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption in production builds, or an assertion failure in debug builds. (CVE-2022-42012)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2022-0365

Affected packages