CLSA-2022-1669241224

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1669241224.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2022-1669241224

Upstream

CVE-2020-35512

CVE-2022-42010

CVE-2022-42011

CVE-2022-42012

Published

2022-11-23T22:07:04Z

Modified

2026-06-04T10:04:06.590806344Z

Summary

Fix CVE(s): CVE-2022-42012, CVE-2022-42011, CVE-2022-42010, CVE-2020-35512

Details

SECURITY UPDATE: Use-after-free in access control-related hash tables
- debian/patches/CVE-2020-35512.patch: use reference counting for DBusUserInfo and DBusGroupInfo structures.
- CVE-2020-35512
SECURITY UPDATE: Crash or incorrect parsing a signature with wrongly nested '()' and '{}'
- debian/patches/CVE-2022-42010.patch: add extra checking for brackets.
- CVE-2022-42010
SECURITY UPDATE: Out-of-bounds accesses during processing of arrays made up of an integer number of items
- debian/patches/CVE-2022-42011.patch: validate length of arrays of fixed-length items.
- CVE-2022-42011
SECURITY UPDATE: Crash when message type and the pointer into its contents goes out of sync
- debian/patches/CVE-2022-42012.patch: byte-swap Unix fd indexes if needed.
- CVE-2022-42012

References

https://errata.cloudlinux.com/ubuntu16-els/CLSA-2022-1669241224

Affected packages

TuxCare:Ubuntu:16.04

dbus

Package

Name: dbus
Purl: pkg:deb/tuxcare/dbus?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.6-1ubuntu3.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1669241224.json"

dbus-1-doc

Package

Name: dbus-1-doc
Purl: pkg:deb/tuxcare/dbus-1-doc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.6-1ubuntu3.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1669241224.json"

dbus-tests

Package

Name: dbus-tests
Purl: pkg:deb/tuxcare/dbus-tests?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.6-1ubuntu3.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1669241224.json"

dbus-user-session

Package

Name: dbus-user-session
Purl: pkg:deb/tuxcare/dbus-user-session?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.6-1ubuntu3.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1669241224.json"

dbus-x11

Package

Name: dbus-x11
Purl: pkg:deb/tuxcare/dbus-x11?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.6-1ubuntu3.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1669241224.json"

libdbus-1-3

Package

Name: libdbus-1-3
Purl: pkg:deb/tuxcare/libdbus-1-3?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.6-1ubuntu3.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1669241224.json"

libdbus-1-dev

Package

Name: libdbus-1-dev
Purl: pkg:deb/tuxcare/libdbus-1-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.6-1ubuntu3.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1669241224.json"