{"id":"USN-4015-2","summary":"dbus vulnerability","details":"USN-4015-1 fixed a vulnerability in DBus. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\n Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1\n authentication. A local attacker could possibly use this issue to bypass\n authentication and connect to DBus servers with elevated privileges.\n","modified":"2026-02-17T22:02:48.419709Z","published":"2019-06-12T14:50:58Z","related":["UBUNTU-CVE-2019-12749"],"upstream":["CVE-2019-12749","UBUNTU-CVE-2019-12749"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4015-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-12749"}],"affected":[{"package":{"name":"dbus","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/dbus@1.6.18-0ubuntu4.5+esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.18-0ubuntu4.5+esm1"}]}],"versions":["1.6.12-0ubuntu10","1.6.18-0ubuntu1","1.6.18-0ubuntu2","1.6.18-0ubuntu3","1.6.18-0ubuntu4","1.6.18-0ubuntu4.1","1.6.18-0ubuntu4.2","1.6.18-0ubuntu4.3","1.6.18-0ubuntu4.4","1.6.18-0ubuntu4.5"],"ecosystem_specific":{"binaries":[{"binary_name":"dbus","binary_version":"1.6.18-0ubuntu4.5+esm1"},{"binary_name":"dbus-x11","binary_version":"1.6.18-0ubuntu4.5+esm1"},{"binary_name":"libdbus-1-3","binary_version":"1.6.18-0ubuntu4.5+esm1"},{"binary_name":"libdbus-1-dev","binary_version":"1.6.18-0ubuntu4.5+esm1"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"id":"CVE-2019-12749","severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4015-2.json"}}],"schema_version":"1.7.3"}