Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.5.11-1ubuntu2.2", "binary_name": "gir1.2-ibus-1.0" }, { "binary_version": "1.5.11-1ubuntu2.2", "binary_name": "ibus" }, { "binary_version": "1.5.11-1ubuntu2.2", "binary_name": "ibus-gtk" }, { "binary_version": "1.5.11-1ubuntu2.2", "binary_name": "ibus-gtk3" }, { "binary_version": "1.5.11-1ubuntu2.2", "binary_name": "ibus-wayland" }, { "binary_version": "1.5.11-1ubuntu2.2", "binary_name": "libibus-1.0-5" }, { "binary_version": "1.5.11-1ubuntu2.2", "binary_name": "libibus-1.0-dev" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.5.17-3ubuntu5.1", "binary_name": "gir1.2-ibus-1.0" }, { "binary_version": "1.5.17-3ubuntu5.1", "binary_name": "ibus" }, { "binary_version": "1.5.17-3ubuntu5.1", "binary_name": "ibus-gtk" }, { "binary_version": "1.5.17-3ubuntu5.1", "binary_name": "ibus-gtk3" }, { "binary_version": "1.5.17-3ubuntu5.1", "binary_name": "ibus-wayland" }, { "binary_version": "1.5.17-3ubuntu5.1", "binary_name": "libibus-1.0-5" }, { "binary_version": "1.5.17-3ubuntu5.1", "binary_name": "libibus-1.0-dev" } ] }