Advisories ยป MGASA-2022-0365

Updated dbus packages fix security vulnerability

Publication date: 08 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-42010 , CVE-2022-42011 , CVE-2022-42012


A syntactically invalid type signature with incorrectly nested parentheses
and curly brackets would cause an assertion failure in debug builds.
Similar messages could potentially result in a crash or incorrect message
processing in a production build, although we are not aware of a practical
example. (CVE-2022-42010)

An invalid array of fixed-length elements where the length of the array is
not a multiple of the length of the element would cause an assertion
failure in debug builds or an out-of-bounds read in production builds.

A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption in production
builds, or an assertion failure in debug builds. (CVE-2022-42012)