Advisories » MGASA-2026-0178

Updated xdg-dbus-proxy packages fix security vulnerability

Publication date: 07 Jun 2026
Modification date: 07 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-34080

Description

A policy parser vulnerability allows bypassing eavesdrop restrictions.
The proxy checks for eavesdrop=true in policy rules but fails to handle
eavesdrop ='true' (with a space before the equals sign) and similar
cases.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35347
• https://www.openwall.com/lists/oss-security/2026/04/10/15
• https://github.com/flatpak/xdg-dbus-proxy/security/advisories/GHSA-vjp5-hjfm-7677
• https://www.cve.org/CVERecord?id=CVE-2026-34080

SRPMS

9/core

• xdg-dbus-proxy-0.1.7-1.mga9