D-Bus: Multiple vulnerabilities Multiple vulnerabilities in D-Bus might allow an attacker to overwrite files with a fixed filename in arbitrary directories or conduct a symlink attack. dbus 2017-06-06 2017-06-06 611392 local, remote 1.10.18 1.10.18

D-Bus is a message bus system which processes can use to talk to each other.

Multiple vulnerabilities have been discovered in D-Bus. Please review the original report referenced below for details.

An attacker could possibly overwrite arbitrary files named “once” with content not controlled by the attacker.

A local attacker could perform a symlink attack against D-Bus’ test suite.

There is no known workaround at this time.

All D-Bus users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.10.18" Original report BlueKnight whissi