USN-4134-3

See a problem?
Source
https://ubuntu.com/security/notices/USN-4134-3
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4134-3.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4134-3
Related
Published
2020-03-24T10:38:46.415074Z
Modified
2020-03-24T10:38:46.415074Z
Summary
ibus vulnerability
Details

USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2. The regression has since been resolved and so this update fixes the original vulnerability.

We apologize for the inconvenience.

Original advisory details:

Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.

References

Affected packages

Ubuntu:18.04:LTS / ibus

Package

Name
ibus

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.17-3ubuntu5.3

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "ibus-gtk3": "1.5.17-3ubuntu5.3",
            "libibus-1.0-5": "1.5.17-3ubuntu5.3",
            "ibus-wayland": "1.5.17-3ubuntu5.3",
            "ibus-gtk": "1.5.17-3ubuntu5.3",
            "ibus-doc": "1.5.17-3ubuntu5.3",
            "libibus-1.0-dev": "1.5.17-3ubuntu5.3",
            "gir1.2-ibus-1.0": "1.5.17-3ubuntu5.3",
            "ibus": "1.5.17-3ubuntu5.3"
        }
    ]
}

Ubuntu:16.04:LTS / ibus

Package

Name
ibus

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.11-1ubuntu2.4

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "ibus-gtk3": "1.5.11-1ubuntu2.4",
            "libibus-1.0-5": "1.5.11-1ubuntu2.4",
            "ibus-wayland": "1.5.11-1ubuntu2.4",
            "ibus-gtk": "1.5.11-1ubuntu2.4",
            "ibus-doc": "1.5.11-1ubuntu2.4",
            "libibus-1.0-dev": "1.5.11-1ubuntu2.4",
            "gir1.2-ibus-1.0": "1.5.11-1ubuntu2.4",
            "ibus": "1.5.11-1ubuntu2.4"
        }
    ]
}