Security update for ibus SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2174-1 Final 1 1 2019-09-24T08:20:15Z current 2019-09-24T08:20:15Z 2019-09-24T08:20:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ibus This update for ibus fixes the following issues: Security issue fixed: - CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2174 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/A5OYLMXW4CL6JVAISTO2TH2RNZYNOM3Q/#A5OYLMXW4CL6JVAISTO2TH2RNZYNOM3Q E-Mail link for openSUSE-SU-2019:2174-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1150011 SUSE Bug 1150011 https://www.suse.com/security/cve/CVE-2019-14822/ SUSE CVE CVE-2019-14822 page openSUSE Leap 15.0 ibus-1.5.17-lp150.4.3.1 ibus-branding-openSUSE-KDE-1.5.17-lp150.4.3.1 ibus-devel-1.5.17-lp150.4.3.1 ibus-gtk-1.5.17-lp150.4.3.1 ibus-gtk-32bit-1.5.17-lp150.4.3.1 ibus-gtk3-1.5.17-lp150.4.3.1 ibus-gtk3-32bit-1.5.17-lp150.4.3.1 ibus-lang-1.5.17-lp150.4.3.1 libibus-1_0-5-1.5.17-lp150.4.3.1 libibus-1_0-5-32bit-1.5.17-lp150.4.3.1 python-ibus-1.5.17-lp150.4.3.1 python3-ibus-1.5.17-lp150.4.3.1 typelib-1_0-IBus-1_0-1.5.17-lp150.4.3.1 ibus-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 ibus-branding-openSUSE-KDE-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 ibus-devel-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 ibus-gtk-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 ibus-gtk-32bit-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 ibus-gtk3-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 ibus-gtk3-32bit-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 ibus-lang-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 libibus-1_0-5-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 libibus-1_0-5-32bit-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 python-ibus-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 python3-ibus-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 typelib-1_0-IBus-1_0-1.5.17-lp150.4.3.1 as a component of openSUSE Leap 15.0 A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user. CVE-2019-14822 openSUSE Leap 15.0:ibus-1.5.17-lp150.4.3.1 openSUSE Leap 15.0:ibus-branding-openSUSE-KDE-1.5.17-lp150.4.3.1 openSUSE Leap 15.0:ibus-devel-1.5.17-lp150.4.3.1 openSUSE Leap 15.0:ibus-gtk-1.5.17-lp150.4.3.1 openSUSE Leap 15.0:ibus-gtk-32bit-1.5.17-lp150.4.3.1 openSUSE Leap 15.0:ibus-gtk3-1.5.17-lp150.4.3.1 openSUSE Leap 15.0:ibus-gtk3-32bit-1.5.17-lp150.4.3.1 openSUSE Leap 15.0:ibus-lang-1.5.17-lp150.4.3.1 openSUSE Leap 15.0:libibus-1_0-5-1.5.17-lp150.4.3.1 openSUSE Leap 15.0:libibus-1_0-5-32bit-1.5.17-lp150.4.3.1 openSUSE Leap 15.0:python-ibus-1.5.17-lp150.4.3.1 openSUSE Leap 15.0:python3-ibus-1.5.17-lp150.4.3.1 openSUSE Leap 15.0:typelib-1_0-IBus-1_0-1.5.17-lp150.4.3.1 important 3.6 AV:L/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/A5OYLMXW4CL6JVAISTO2TH2RNZYNOM3Q/#A5OYLMXW4CL6JVAISTO2TH2RNZYNOM3Q https://www.suse.com/security/cve/CVE-2019-14822.html CVE-2019-14822 https://bugzilla.suse.com/1150011 SUSE Bug 1150011