===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3538
                           ibus security update
                             19 September 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ibus
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Debian GNU/Linux 10
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-14822

Reference:         ESB-2019.3532
                   ESB-2019.3519

Original Bulletin:
   http://www.debian.org/security/2019/dsa-4525

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4525-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 18, 2019                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : ibus
CVE ID         : CVE-2019-14822
Debian Bug     : 940267

Simon McVittie reported a flaw in ibus, the Intelligent Input Bus. Due
to a misconfiguration during the setup of the DBus, any unprivileged
user could monitor and send method calls to the ibus bus of another
user, if able to discover the UNIX socket used by another user connected
on a graphical environment. The attacker can take advantage of this flaw
to intercept keystrokes of the victim user or modify input related
configurations through DBus method calls.

For the oldstable distribution (stretch), this problem has been fixed
in version 1.5.14-3+deb9u2.

For the stable distribution (buster), this problem has been fixed in
version 1.5.19-4+deb10u1.

We recommend that you upgrade your ibus packages.

For the detailed security status of ibus please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/ibus

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================