{"id":"USN-3116-1","summary":"dbus vulnerabilities","details":"It was discovered that DBus incorrectly validated the source of\nActivationFailure signals. A local attacker could use this issue to cause a\ndenial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2015-0245)\n\nIt was discovered that DBus incorrectly handled certain format strings. A\nlocal attacker could use this issue to cause a denial of service, or\npossibly execute arbitrary code. This issue is only exposed to unprivileged\nusers when the fix for CVE-2015-0245 is not applied, hence this issue is\nonly likely to affect Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04\nLTS and Ubuntu 16.10 have been updated as a preventative measure in the\nevent that a new attack vector for this issue is discovered.\n(No CVE number)\n","modified":"2026-02-10T04:41:02Z","published":"2016-11-01T17:01:15Z","related":["UBUNTU-CVE-2015-0245"],"upstream":["CVE-2015-0245","UBUNTU-CVE-2015-0245"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3116-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0245"}],"affected":[{"package":{"name":"dbus","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/dbus@1.6.18-0ubuntu4.4?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.18-0ubuntu4.4"}]}],"versions":["1.6.12-0ubuntu10","1.6.18-0ubuntu1","1.6.18-0ubuntu2","1.6.18-0ubuntu3","1.6.18-0ubuntu4","1.6.18-0ubuntu4.1","1.6.18-0ubuntu4.2","1.6.18-0ubuntu4.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"dbus","binary_version":"1.6.18-0ubuntu4.4"},{"binary_name":"dbus-x11","binary_version":"1.6.18-0ubuntu4.4"},{"binary_name":"libdbus-1-3","binary_version":"1.6.18-0ubuntu4.4"},{"binary_name":"libdbus-1-dev","binary_version":"1.6.18-0ubuntu4.4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3116-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2015-0245","severity":[{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"dbus","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/dbus@1.10.6-1ubuntu3.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.10.6-1ubuntu3.1"}]}],"versions":["1.10.0-1ubuntu1","1.10.4-1ubuntu2","1.10.6-1ubuntu1","1.10.6-1ubuntu2","1.10.6-1ubuntu3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"dbus","binary_version":"1.10.6-1ubuntu3.1"},{"binary_name":"dbus-tests","binary_version":"1.10.6-1ubuntu3.1"},{"binary_name":"dbus-user-session","binary_version":"1.10.6-1ubuntu3.1"},{"binary_name":"dbus-x11","binary_version":"1.10.6-1ubuntu3.1"},{"binary_name":"libdbus-1-3","binary_version":"1.10.6-1ubuntu3.1"},{"binary_name":"libdbus-1-dev","binary_version":"1.10.6-1ubuntu3.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3116-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[]}}}],"schema_version":"1.7.3"}