{"id":"OESA-2021-1101","summary":"dbus security update","details":"D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a "single instance" application or daemon, and to launch applications and daemons on demand when their services are needed.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors(CVE-2020-35512)","modified":"2026-03-11T05:59:40.889001Z","published":"2021-04-07T11:02:44Z","upstream":["CVE-2020-35512"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1101"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35512"}],"affected":[{"package":{"name":"dbus","ecosystem":"openEuler:20.03-LTS","purl":"pkg:rpm/openEuler/dbus&distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.16-17.oe1"}]}],"ecosystem_specific":{"noarch":["dbus-help-1.12.16-16.oe1.noarch.rpm","dbus-common-1.12.16-16.oe1.noarch.rpm","dbus-common-1.12.16-17.oe1.noarch.rpm","dbus-help-1.12.16-17.oe1.noarch.rpm"],"src":["dbus-1.12.16-16.oe1.src.rpm","dbus-1.12.16-17.oe1.src.rpm"],"x86_64":["dbus-debuginfo-1.12.16-16.oe1.x86_64.rpm","dbus-devel-1.12.16-16.oe1.x86_64.rpm","dbus-x11-1.12.16-16.oe1.x86_64.rpm","dbus-1.12.16-16.oe1.x86_64.rpm","dbus-debugsource-1.12.16-16.oe1.x86_64.rpm","dbus-tools-1.12.16-16.oe1.x86_64.rpm","dbus-libs-1.12.16-16.oe1.x86_64.rpm","dbus-daemon-1.12.16-16.oe1.x86_64.rpm","dbus-daemon-1.12.16-17.oe1.x86_64.rpm","dbus-1.12.16-17.oe1.x86_64.rpm","dbus-tools-1.12.16-17.oe1.x86_64.rpm","dbus-devel-1.12.16-17.oe1.x86_64.rpm","dbus-x11-1.12.16-17.oe1.x86_64.rpm","dbus-debuginfo-1.12.16-17.oe1.x86_64.rpm","dbus-libs-1.12.16-17.oe1.x86_64.rpm","dbus-debugsource-1.12.16-17.oe1.x86_64.rpm"],"aarch64":["dbus-tools-1.12.16-16.oe1.aarch64.rpm","dbus-1.12.16-16.oe1.aarch64.rpm","dbus-devel-1.12.16-16.oe1.aarch64.rpm","dbus-daemon-1.12.16-16.oe1.aarch64.rpm","dbus-libs-1.12.16-16.oe1.aarch64.rpm","dbus-debuginfo-1.12.16-16.oe1.aarch64.rpm","dbus-debugsource-1.12.16-16.oe1.aarch64.rpm","dbus-x11-1.12.16-16.oe1.aarch64.rpm","dbus-daemon-1.12.16-17.oe1.aarch64.rpm","dbus-debugsource-1.12.16-17.oe1.aarch64.rpm","dbus-devel-1.12.16-17.oe1.aarch64.rpm","dbus-libs-1.12.16-17.oe1.aarch64.rpm","dbus-x11-1.12.16-17.oe1.aarch64.rpm","dbus-tools-1.12.16-17.oe1.aarch64.rpm","dbus-1.12.16-17.oe1.aarch64.rpm","dbus-debuginfo-1.12.16-17.oe1.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2021-1101.json"}},{"package":{"name":"dbus","ecosystem":"openEuler:20.03-LTS-SP1","purl":"pkg:rpm/openEuler/dbus&distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.16-17.oe1"}]}],"ecosystem_specific":{"noarch":["dbus-common-1.12.16-17.oe1.noarch.rpm","dbus-help-1.12.16-17.oe1.noarch.rpm"],"src":["dbus-1.12.16-17.oe1.src.rpm"],"x86_64":["dbus-daemon-1.12.16-17.oe1.x86_64.rpm","dbus-1.12.16-17.oe1.x86_64.rpm","dbus-tools-1.12.16-17.oe1.x86_64.rpm","dbus-devel-1.12.16-17.oe1.x86_64.rpm","dbus-x11-1.12.16-17.oe1.x86_64.rpm","dbus-debuginfo-1.12.16-17.oe1.x86_64.rpm","dbus-libs-1.12.16-17.oe1.x86_64.rpm","dbus-debugsource-1.12.16-17.oe1.x86_64.rpm"],"aarch64":["dbus-daemon-1.12.16-17.oe1.aarch64.rpm","dbus-debugsource-1.12.16-17.oe1.aarch64.rpm","dbus-devel-1.12.16-17.oe1.aarch64.rpm","dbus-libs-1.12.16-17.oe1.aarch64.rpm","dbus-x11-1.12.16-17.oe1.aarch64.rpm","dbus-tools-1.12.16-17.oe1.aarch64.rpm","dbus-1.12.16-17.oe1.aarch64.rpm","dbus-debuginfo-1.12.16-17.oe1.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2021-1101.json"}}],"schema_version":"1.7.5"}