[ASA-202101-26] gobby: denial of service
Arch Linux Security Advisory ASA-202101-26 ========================================== Severity: Low Date : 2021-01-20 CVE-ID : CVE-2020-35450 Package : gobby Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-1383 Summary ======= The package gobby before version 1:0.5.0+116+g295e697-1 is vulnerable to denial of service. Resolution ========== Upgrade to 1:0.5.0+116+g295e697-1. # pacman -Syu "gobby>=1:0.5.0+116+g295e697-1" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. Impact ====== A local attacker can crash the application through a crafted dbus message. References ========== https://bugs.archlinux.org/task/69118 https://github.com/gobby/gobby/issues/183 https://github.com/gobby/gobby/pull/184 https://github.com/gobby/gobby/commit/295e697ac83c6638bc7c6f0498534b12278192... https://security.archlinux.org/CVE-2020-35450
participants (1)
-
Morten Linderud