Name of the Vulnerable Software and Affected Versions dbus (affected versions not specified)

Description The issue concerns security hardening and bug fixes in dbus. On Unix platforms, the default configuration for the session bus has been changed to only allow EXTERNAL authentication, avoiding the fallback to DBUS COOKIE SHA1, which relies on strongly unpredictable pseudo-random numbers. This change mitigates potential security risks under certain circumstances, such as when /dev/urandom is unreadable or malloc() returns NULL. Additionally, several bugs have been fixed, including a memory leak when GetConnectionCredentials() succeeds, and issues with dbus-monitor, DBusCounter, DBusTransport, and DBusServer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.