Back to bug 2213166
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-06-07 10:40:53 UTC | CC | dking | |
| TEJ RATHI | 2023-06-07 10:42:16 UTC | Blocks | 2212991 | |
| TEJ RATHI | 2023-06-07 10:58:38 UTC | CC | acrosby, adudiak, aoconnor, bdettelb, caswilli, crarobin, dffrench, dfreiber, dhalasz, dkuc, fjansen, gzaronik, hbraun, hkataria, jburrell, jkoehler, jmadigan, jmitchel, jsherril, jtanner, jwong, kaycoth, kshier, micjohns, ngough, nweather, pamccart, psegedy, rgodfrey, rogbas, stcannon, sthirugn, tcarlin, tfister, tkasparek, tmeszaro, tsasak, vkrizan, vkumar, vmugicag, yguenane | |
| TEJ RATHI | 2023-06-08 04:27:19 UTC | CC | jwong | |
| CC | hbraun | |||
| CC | jkoehler | |||
| CC | tfister | |||
| CC | jsherril, tmeszaro | |||
| CC | aoconnor, crarobin, jmadigan, micjohns, pamccart, tkasparek | |||
| Depends On | 2213397, 2213396 | |||
| TEJ RATHI | 2023-06-08 04:28:23 UTC | Depends On | 2213399, 2213400, 2213401, 2213402 | |
| TEJ RATHI | 2023-06-08 11:42:16 UTC | Summary | dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered | CVE-2023-34969 dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered |
| Alias | CVE-2023-34969 | |||
| TEJ RATHI | 2023-06-16 11:45:34 UTC | Doc Text | An assertion failure issue was discovered in D-Bus, occurs when a privileged Monitoring connection (dbus-monitor, busctl monitor, gdbus monitor or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to <deny> rules or outgoing message quota. In other words, if a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the monitoring clients like dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash and results in a denial of service condition under some circumstances. | |
| RaTasha Tillery-Smith | 2023-06-16 12:00:25 UTC | Doc Text | An assertion failure issue was discovered in D-Bus, occurs when a privileged Monitoring connection (dbus-monitor, busctl monitor, gdbus monitor or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to <deny> rules or outgoing message quota. In other words, if a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the monitoring clients like dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash and results in a denial of service condition under some circumstances. | An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to <deny> rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances. |
| Red Hat Bugzilla | 2023-07-07 08:29:44 UTC | Assignee | security-response-team | nobody |
| Red Hat Bugzilla | 2023-07-08 04:16:51 UTC | CC | acrosby | |
| errata-xmlrpc | 2023-08-07 08:49:34 UTC | Link ID | Red Hat Product Errata RHSA-2023:4498 | |
| errata-xmlrpc | 2023-08-08 15:11:01 UTC | Link ID | Red Hat Product Errata RHSA-2023:4569 |
Back to bug 2213166