RHSA-2020:2894

Affecting dbus package, versions <1:1.10.24-14.el7_8

Report new vulnerabilities
high severity
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to RHSA-2020:2894. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es): * dbus: denial of service via file descriptor leak (CVE-2020-12049) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade dbus to version or higher.

References

CVE
RHSA-2020:2894
Snyk ID
SNYK-CENTOS7-DBUS-584292
Published
13 Jul, 2020