Updated ibus packages fix security vulnerability
Publication date: 21 Sep 2019Modification date: 21 Sep 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2019-14822
Description
It was discovered that any unprivileged user could monitor and send method calls to the ibus bus of another user, due to a misconfiguration during the setup of the DBus server. When ibus is in use, a local attacker, who discovers the UNIX socket used by another user connected on a graphical environment, could use this flaw to intercept all keystrokes of the victim user or modify input related configurations through DBus method calls (CVE-2019-14822).
References
SRPMS
6/core
- ibus-1.5.16-3.1.mga6
7/core
- ibus-1.5.20-1.1.mga7