AmazonALAS-2024-2428Medium: dbus
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.6%
Issue Overview:
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. (CVE-2023-34969)
Affected Packages:
dbus
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update dbus to update your system.
New Packages:
aarch64:
dbus-1.10.24-7.amzn2.0.4.aarch64
dbus-libs-1.10.24-7.amzn2.0.4.aarch64
dbus-devel-1.10.24-7.amzn2.0.4.aarch64
dbus-tests-1.10.24-7.amzn2.0.4.aarch64
dbus-x11-1.10.24-7.amzn2.0.4.aarch64
dbus-debuginfo-1.10.24-7.amzn2.0.4.aarch64
i686:
dbus-1.10.24-7.amzn2.0.4.i686
dbus-libs-1.10.24-7.amzn2.0.4.i686
dbus-devel-1.10.24-7.amzn2.0.4.i686
dbus-tests-1.10.24-7.amzn2.0.4.i686
dbus-x11-1.10.24-7.amzn2.0.4.i686
dbus-debuginfo-1.10.24-7.amzn2.0.4.i686
noarch:
dbus-doc-1.10.24-7.amzn2.0.4.noarch
src:
dbus-1.10.24-7.amzn2.0.4.src
x86_64:
dbus-1.10.24-7.amzn2.0.4.x86_64
dbus-libs-1.10.24-7.amzn2.0.4.x86_64
dbus-devel-1.10.24-7.amzn2.0.4.x86_64
dbus-tests-1.10.24-7.amzn2.0.4.x86_64
dbus-x11-1.10.24-7.amzn2.0.4.x86_64
dbus-debuginfo-1.10.24-7.amzn2.0.4.x86_64
Additional References
Red Hat: CVE-2023-34969
Mitre: CVE-2023-34969
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | dbus | < 1.10.24-7.amzn2.0.4 | dbus-1.10.24-7.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | dbus-libs | < 1.10.24-7.amzn2.0.4 | dbus-libs-1.10.24-7.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | dbus-devel | < 1.10.24-7.amzn2.0.4 | dbus-devel-1.10.24-7.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | dbus-tests | < 1.10.24-7.amzn2.0.4 | dbus-tests-1.10.24-7.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | dbus-x11 | < 1.10.24-7.amzn2.0.4 | dbus-x11-1.10.24-7.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | dbus-debuginfo | < 1.10.24-7.amzn2.0.4 | dbus-debuginfo-1.10.24-7.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | i686 | dbus | < 1.10.24-7.amzn2.0.4 | dbus-1.10.24-7.amzn2.0.4.i686.rpm |
| Amazon Linux | 2 | i686 | dbus-libs | < 1.10.24-7.amzn2.0.4 | dbus-libs-1.10.24-7.amzn2.0.4.i686.rpm |
| Amazon Linux | 2 | i686 | dbus-devel | < 1.10.24-7.amzn2.0.4 | dbus-devel-1.10.24-7.amzn2.0.4.i686.rpm |
| Amazon Linux | 2 | i686 | dbus-tests | < 1.10.24-7.amzn2.0.4 | dbus-tests-1.10.24-7.amzn2.0.4.i686.rpm |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.6%