{
  "id": "openEuler-SA-2022-2001",
  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2001",
  "title": "An update for dbus is now available for openEuler-22.03-LTS",
  "severity": "Medium",
  "description": "\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.(CVE-2022-42010)\r\n\r\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.(CVE-2022-42011)\r\n\r\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.(CVE-2022-42012)",
  "cves": [
    {
      "id": "CVE-2022-42012",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42012",
      "severity": "Medium"
    }
  ]
}