ELSA-2019-3553

Published: 14 Nov 2019
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2019-3553: GNOME security, bug fix, and enhancement update (LOW)

accountsservice [0.6.50-7]

  • Don't send change updates for login history changes Resolves: #1713080

appstream-data [8-20190805]

  • Regenerate the RHEL metadata to include the latest cockpit changes
  • Resolves: #1673011

[8-20190719]

  • Regenerate the RHEL metadata
  • Resolves: #1673011

[8-20180721]

  • Regenerate the RHEL metadata using rhel-8.0-appstream

[8-20180720]

  • Regenerate the RHEL metadata using rhel-8.0-candidate

baobab [3.28.0-2]

  • Fix gschema translations (rhbz#1705583)

chrome-gnome-shell [10.1-6]

  • Install icons in 'hicolor' instead of 'gnome' Related: #1694203

[10.1-5]

  • bump release num to correctly start gating process

    Related: #1694203

[10.1-4]

  • Adjust Fedora spec to build on RHEL:

    • build missing BuildRequire

    Related: #1694203

[10.1-4]

[10.1-3]

[10.1-2]

  • Rebuilt for Python 3.7

[10.1-1]

  • Update to 10.1

[9-4]

[9-3]

[9-2]

[9-1]

  • Update to 9

[8.2-2]

  • Package review fixes (#1343710)
  • Validate the desktop file
  • Don't own /etc/opt directory
  • Depend on mozilla-filesystem instead of co-owning mozilla directories
  • Depend on dbus and gnome-icon-theme/hicolor-icon-theme for directory ownership

[8.2-1]

  • Update to 8.2
  • Simplify files list
  • Build with Python 3 (#1343710)
  • Add missing python3-requests dependency (#1343710)
  • Update package description

[6.1-1]

  • Update to 6.1

[6-1]

  • Update to Ver.6
  • Fix 'orphaned directory'

[5.2-1]

  • Initial package.

evince [3.28.4-3]

  • Add requirement on evince-libs for nautilus and browser-plugin
  • subpackages (RPMDiff)
  • Related: #1717353

[3.28.4-2]

  • Handle failure from TIFFReadRGBAImageOriented()
  • Resolves: #1717353

file-roller [3.28.1-2]

  • Remove nautilus extension subpackage (#1638813)

gdk-pixbuf2 [2.36.12-5]

  • Disable mmx support Resolves: #1630565

[2.36.12-4]

  • Install missing test image Related: #1625683
  • Fix up tests.yml

[2.36.12-3]

  • rebuild

gdm [3.28.3-22]

  • Ensure user session is killed with its worker and that all user sessions are cleaned up on shutdown Resolves: #1690714

[3.28.3-21]

  • Drop gdm-screenshot Resolves: #1680164

gjs [1.56.2-3]

  • Rebuild for mozjs60 s390x fixes
  • Related: #1746889

[1.56.2-1]

  • Update to 1.56.2 Resolves: #1698923

gnome-control-center [3.28.2-5]

  • Update wacom panel to newer 'output' setting
  • Resolves: #1718133

gnome-desktop3 [3.32.2-1]

  • Rebase to 3.32.2 Resolves: #1719241

[3.28.2-2]

  • rebuild

gnome-remote-desktop [0.1.6-5]

  • Bump the version to make gating happy - that's bug 1681618
  • Resolves: rhbz#1713330

[0.1.6-4]

  • Backport password override test helper (rhbz#1713330)

gnome-settings-daemon

gnome-shell [3.32.2-9]

  • Depend on correct gsettings-desktop-schemas version Related: #1704355

[3.32.2-8]

  • Depend on required gsettings-desktop-schemas version Related: #1704355

[3.32.2-7]

  • Make the hot corner optional Resolves: #1704355

[3.32.2-6]

  • Fix warnings triggered by spurious allocations Resolves: #1719279

[3.32.2-5]

  • Fix infinite loop in spinner animation Resolves: #1725555

[3.32.2-4]

  • Adjust more shortcut handlers for horizontal workspaces Related: #1704360

[3.32.2-3]

  • Support horizontal workspaces in gestures/keybindings/animations Related: #1704360

[3.32.2-2]

  • Adjust downstream patch to mutter changes Resolves: #1715738

[3.32.2-1]

  • Update to 3.32.2 Resolves: #1698520

gnome-shell-extensions [3.32.1-10]

  • Drop obsolete downstream style patch
  • Keep classic notification styling Related: #1731372

[3.32.1-9]

  • Backport classic style improvements Resolves: #1726093

[3.32.1-8]

  • Allow closing window picker with Escape Resolves: #1725854

[3.32-1-7]

  • Add window thumbnails to workspace switcher Resolves: #1723467
  • Fix apps-menu not disabling itself entirely Resolves: #1722047

[3.32-1-6]

  • Fix new classic mode issues:
    • stray signal handler with overlay key Resolves: #1722844
    • improve DND support:
      • don't consider regular windows (it doesn't work well, and GNOME 2 didn't support it either)
      • indicate that workspace thumbs are drop targets Related: #1704360

[3.32.1-5]

  • Small refinements after design feedback:
    • use default icon size in picker button to avoid blurriness
    • use shortcut to open window picker Resolves: #1721195

[3.32.1-4]

  • Don't add apps-menu logo when activities button is present Resolves: #1721195

[3.32.1-3]

  • Make classic mode more classic Resolves: #1704360

[3.32.1-2]

  • Fix top-icons sizing issue Resolves: #1715765

[3.32.1-1]

  • Update to 3.32.1 Resolves: #1713453

gnome-software [3.30.6-2]

  • Hide addons that are not available in repos
  • Resolves: #1719779

gnome-tweaks [3.28.1-6]

  • top-bar: Drop ApplicationMenu tweak
  • Resolves: #1726656

[3.28.1-5]

  • settings: Drop override settings support
  • Resolves: #1725741

[3.28.1-4]

  • extensions: Fix opening system installed extensions in gnome-software
  • Resolves: #1721575

[3.28.1-3]

  • Fix reflect extension status in the UI
  • Resolves: #1679127

[3.28.1-2]

  • Reflect extension status in the UI
  • Resolves: #1679127

gsettings-desktop-schemas [3.32-0-3]

  • Backport 'enable-hot-corners' setting Resolves: #1704355

[3.32.0-2]

  • Restore previous monospace font default Resolves: #1715761

[3.32.0-1]

  • Update to 3.32.0 Resolves: #1698930

[3.28.1-2]

  • Add mount-removable-storage-devices-as-read-only option
  • Resolves: #1709937

gtk3 [3.22.30-4]

  • Include headerbar buttons in accessibility (rhbz#1723836)

gvfs [1.36.2-6]

  • Prevent spawning new daemons if outgoing operation exists (#1739117)
  • Force NT1 protocol version for workgroup support (#1739116)

[1.36.2-5]

  • CVE-2019-12795 Check that the connecting client is the same user (#1729885)

[1.36.2-4]

  • Handle lockdown option to disable writing (#1662193)

[1.36.2-3]

  • CVE-2019-3827: Prevent access if any authentication agent isn't available (#1673888)

mozjs60 [60.9.0-3]

  • Fix multilib conflicts in js-config.h

[60.9.0-2]

  • Backport patches for s390x support
  • Resolves: #1746889

mutter [3.32.2-10]

  • Don't focus or activate unmanaging windows Resolves: #1741547

[3.32.2-9]

  • Another 16bpp graphics card crash Related: #1735382 Resolves: #1737326

[3.32.2-8]

  • Fix crash in window icon handling on 16bpp graphics cards Resolves: #1735382

[3.32.2-7]

  • Fix bug leading to 100% cpu usage on suspend/resume Resolves: #1724551

[3.32.2-6]

  • Don't ignore current mode when deriving current config Resolves: #1690506

[3.32.2-5]

  • Ensure pad XDevices do not get buttons remapped Resolves: #1687949

[3.32.2-4]

  • Expose workspace layout as properties Related: #1704360

[3.32.2-3]

  • Avoid arch-specific bits in header comments Related: #1698884

[3.32.2-2]

  • Fix a couple of issues pointed out by covscan Resolves: #1698884

[3.32.2-1]

  • Update to 3.32.2 Resolves: #1698884

nautilus [3.28.1-10]

  • Add screenshots for GNOME Software in Appdata file (rhbz#1725107)
  • Add website link to About dialog (rhbz#1725101)
  • Use Files instead of Nautilus in Appdata file (rhbz#1725120)
  • Add nautilus-autorun-software man page (rhbz#1725766)

[3.28.1-9]

  • Fix criticals when connecting to remote locations (rhbz#1643175)
  • Remove geometry option from man page (rhbz#1612852)

[3.26.1-8]

  • Remove NFS support strings, since libnfs is not in RHEL Resolves: RHBZ#1704704

[3.28.1-7]

  • Disable extension doc generation, since generated files differ and rpmlint fails when checking that both architectures of the -devel library generate the same files. It's an issue in docbook, used by gtk-doc, and although fixed upstream they didn't have a new release yet. https://github.com/docbook/xslt10-stylesheets/issues/54 Resolves: RHBZ#1667136

[3.28.1-6]

  • Implement support for desktop icons renaming Resolves: RHBZ#1667136

pango [1.42.4-6]

  • Rebuild
  • Resolves: #1738462

pidgin [2.13.0-5]

  • Drop ICQ support in RHEL and port Jabber to GHmac
  • Update License Resolves: #1637801

plymouth

SDL [1.2.15-35]

  • Rebuild after gating
  • Resolves: rhbz#1602687

[1.2.15-34]

  • Rebuild
  • Resolves: rhbz#1602687

[1.2.15-33]

  • Small fixes for problems found by coverity
  • Resolves: rhbz#1602687

wayland-protocols [1.17-1]

  • Update to 1.17 Resolves: #1713685

webkit2gtk3 [2.24.3-1]

  • Resolves: rhbz#1728277 Update to 2.24.3

[2.24.2-2]

  • Related: rhbz#1696708 Use enchant instead of enchant-2 on aarch64 and s390x

[2.24.2-1]

  • Resolves: rhbz#1696708 Rebase to 2.24.2
  • Resolves: rhbz#1592271 Switch to Python 3 for build

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • SDL 1.2.15-35.el8
  • SDL-devel 1.2.15-35.el8
  • appstream-data 8-20190805.el8
  • baobab 3.28.0-2.el8
  • chrome-gnome-shell 10.1-6.el8
  • evince-libs 3.28.4-3.el8
  • file-roller 3.28.1-2.el8
  • gdk-pixbuf2 2.36.12-5.el8
  • gdk-pixbuf2-devel 2.36.12-5.el8
  • gdk-pixbuf2-modules 2.36.12-5.el8
  • gdk-pixbuf2-xlib 2.36.12-5.el8
  • gdk-pixbuf2-xlib-devel 2.36.12-5.el8
  • gjs 1.56.2-3.el8
  • gjs-devel 1.56.2-3.el8
  • gnome-classic-session 3.32.1-10.el8
  • gnome-desktop3 3.32.2-1.el8
  • gnome-desktop3-devel 3.32.2-1.el8
  • gnome-shell-extension-apps-menu 3.32.1-10.el8
  • gnome-shell-extension-auto-move-windows 3.32.1-10.el8
  • gnome-shell-extension-common 3.32.1-10.el8
  • gnome-shell-extension-dash-to-dock 3.32.1-10.el8
  • gnome-shell-extension-desktop-icons 3.32.1-10.el8
  • gnome-shell-extension-disable-screenshield 3.32.1-10.el8
  • gnome-shell-extension-drive-menu 3.32.1-10.el8
  • gnome-shell-extension-horizontal-workspaces 3.32.1-10.el8
  • gnome-shell-extension-launch-new-instance 3.32.1-10.el8
  • gnome-shell-extension-native-window-placement 3.32.1-10.el8
  • gnome-shell-extension-no-hot-corner 3.32.1-10.el8
  • gnome-shell-extension-panel-favorites 3.32.1-10.el8
  • gnome-shell-extension-places-menu 3.32.1-10.el8
  • gnome-shell-extension-screenshot-window-sizer 3.32.1-10.el8
  • gnome-shell-extension-systemMonitor 3.32.1-10.el8
  • gnome-shell-extension-top-icons 3.32.1-10.el8
  • gnome-shell-extension-updates-dialog 3.32.1-10.el8
  • gnome-shell-extension-user-theme 3.32.1-10.el8
  • gnome-shell-extension-window-grouper 3.32.1-10.el8
  • gnome-shell-extension-window-list 3.32.1-10.el8
  • gnome-shell-extension-windowsNavigator 3.32.1-10.el8
  • gnome-shell-extension-workspace-indicator 3.32.1-10.el8
  • gsettings-desktop-schemas 3.32.0-3.el8
  • gsettings-desktop-schemas-devel 3.32.0-3.el8
  • gtk-update-icon-cache 3.22.30-4.el8
  • gtk3 3.22.30-4.el8
  • gtk3-devel 3.22.30-4.el8
  • gtk3-immodule-xim 3.22.30-4.el8
  • gvfs 1.36.2-6.el8
  • gvfs-client 1.36.2-6.el8
  • gvfs-devel 1.36.2-6.el8
  • gvfs-fuse 1.36.2-6.el8
  • gvfs-gphoto2 1.36.2-6.el8
  • gvfs-mtp 1.36.2-6.el8
  • gvfs-smb 1.36.2-6.el8
  • libpurple 2.13.0-5.el8
  • libpurple-devel 2.13.0-5.el8
  • mozjs60 60.9.0-3.0.1.el8
  • mozjs60-devel 60.9.0-3.0.1.el8
  • pango 1.42.4-6.el8
  • pango-devel 1.42.4-6.el8
  • plymouth 0.9.3-15.0.1.el8
  • plymouth-core-libs 0.9.3-15.0.1.el8
  • plymouth-graphics-libs 0.9.3-15.0.1.el8
  • plymouth-plugin-fade-throbber 0.9.3-15.0.1.el8
  • plymouth-plugin-label 0.9.3-15.0.1.el8
  • plymouth-plugin-script 0.9.3-15.0.1.el8
  • plymouth-plugin-space-flares 0.9.3-15.0.1.el8
  • plymouth-plugin-throbgress 0.9.3-15.0.1.el8
  • plymouth-plugin-two-step 0.9.3-15.0.1.el8
  • plymouth-scripts 0.9.3-15.0.1.el8
  • plymouth-system-theme 0.9.3-15.0.1.el8
  • plymouth-theme-charge 0.9.3-15.0.1.el8
  • plymouth-theme-fade-in 0.9.3-15.0.1.el8
  • plymouth-theme-script 0.9.3-15.0.1.el8
  • plymouth-theme-solar 0.9.3-15.0.1.el8
  • plymouth-theme-spinfinity 0.9.3-15.0.1.el8
  • plymouth-theme-spinner 0.9.3-15.0.1.el8
  • wayland-protocols-devel 1.17-1.el8
  • webkit2gtk3 2.24.3-1.el8
  • webkit2gtk3-devel 2.24.3-1.el8
  • webkit2gtk3-jsc 2.24.3-1.el8
  • webkit2gtk3-jsc-devel 2.24.3-1.el8
  • webkit2gtk3-plugin-process-gtk2 2.24.3-1.el8

Oracle Linux x86_64

  • SDL 1.2.15-35.el8
  • SDL-devel 1.2.15-35.el8
  • accountsservice 0.6.50-7.el8
  • accountsservice-devel 0.6.50-7.el8
  • accountsservice-libs 0.6.50-7.el8
  • appstream-data 8-20190805.el8
  • baobab 3.28.0-2.el8
  • chrome-gnome-shell 10.1-6.el8
  • evince 3.28.4-3.el8
  • evince-browser-plugin 3.28.4-3.el8
  • evince-libs 3.28.4-3.el8
  • evince-nautilus 3.28.4-3.el8
  • file-roller 3.28.1-2.el8
  • gdk-pixbuf2 2.36.12-5.el8
  • gdk-pixbuf2-devel 2.36.12-5.el8
  • gdk-pixbuf2-modules 2.36.12-5.el8
  • gdk-pixbuf2-xlib 2.36.12-5.el8
  • gdk-pixbuf2-xlib-devel 2.36.12-5.el8
  • gdm 3.28.3-22.el8
  • gjs 1.56.2-3.el8
  • gjs-devel 1.56.2-3.el8
  • gnome-classic-session 3.32.1-10.el8
  • gnome-control-center 3.28.2-5.el8
  • gnome-control-center-filesystem 3.28.2-5.el8
  • gnome-desktop3 3.32.2-1.el8
  • gnome-desktop3-devel 3.32.2-1.el8
  • gnome-remote-desktop 0.1.6-5.el8
  • gnome-settings-daemon 3.32.0-4.0.1.el8
  • gnome-shell 3.32.2-9.el8
  • gnome-shell-extension-apps-menu 3.32.1-10.el8
  • gnome-shell-extension-auto-move-windows 3.32.1-10.el8
  • gnome-shell-extension-common 3.32.1-10.el8
  • gnome-shell-extension-dash-to-dock 3.32.1-10.el8
  • gnome-shell-extension-desktop-icons 3.32.1-10.el8
  • gnome-shell-extension-disable-screenshield 3.32.1-10.el8
  • gnome-shell-extension-drive-menu 3.32.1-10.el8
  • gnome-shell-extension-horizontal-workspaces 3.32.1-10.el8
  • gnome-shell-extension-launch-new-instance 3.32.1-10.el8
  • gnome-shell-extension-native-window-placement 3.32.1-10.el8
  • gnome-shell-extension-no-hot-corner 3.32.1-10.el8
  • gnome-shell-extension-panel-favorites 3.32.1-10.el8
  • gnome-shell-extension-places-menu 3.32.1-10.el8
  • gnome-shell-extension-screenshot-window-sizer 3.32.1-10.el8
  • gnome-shell-extension-systemMonitor 3.32.1-10.el8
  • gnome-shell-extension-top-icons 3.32.1-10.el8
  • gnome-shell-extension-updates-dialog 3.32.1-10.el8
  • gnome-shell-extension-user-theme 3.32.1-10.el8
  • gnome-shell-extension-window-grouper 3.32.1-10.el8
  • gnome-shell-extension-window-list 3.32.1-10.el8
  • gnome-shell-extension-windowsNavigator 3.32.1-10.el8
  • gnome-shell-extension-workspace-indicator 3.32.1-10.el8
  • gnome-software 3.30.6-2.el8
  • gnome-software-editor 3.30.6-2.el8
  • gnome-tweaks 3.28.1-6.el8
  • gsettings-desktop-schemas 3.32.0-3.el8
  • gsettings-desktop-schemas-devel 3.32.0-3.el8
  • gtk-update-icon-cache 3.22.30-4.el8
  • gtk3 3.22.30-4.el8
  • gtk3-devel 3.22.30-4.el8
  • gtk3-immodule-xim 3.22.30-4.el8
  • gvfs 1.36.2-6.el8
  • gvfs-afc 1.36.2-6.el8
  • gvfs-afp 1.36.2-6.el8
  • gvfs-archive 1.36.2-6.el8
  • gvfs-client 1.36.2-6.el8
  • gvfs-devel 1.36.2-6.el8
  • gvfs-fuse 1.36.2-6.el8
  • gvfs-goa 1.36.2-6.el8
  • gvfs-gphoto2 1.36.2-6.el8
  • gvfs-mtp 1.36.2-6.el8
  • gvfs-smb 1.36.2-6.el8
  • libpurple 2.13.0-5.el8
  • libpurple-devel 2.13.0-5.el8
  • mozjs60 60.9.0-3.0.1.el8
  • mozjs60-devel 60.9.0-3.0.1.el8
  • mutter 3.32.2-10.el8
  • mutter-devel 3.32.2-10.el8
  • nautilus 3.28.1-10.el8
  • nautilus-devel 3.28.1-10.el8
  • nautilus-extensions 3.28.1-10.el8
  • pango 1.42.4-6.el8
  • pango-devel 1.42.4-6.el8
  • pidgin 2.13.0-5.el8
  • pidgin-devel 2.13.0-5.el8
  • plymouth 0.9.3-15.0.1.el8
  • plymouth-core-libs 0.9.3-15.0.1.el8
  • plymouth-graphics-libs 0.9.3-15.0.1.el8
  • plymouth-plugin-fade-throbber 0.9.3-15.0.1.el8
  • plymouth-plugin-label 0.9.3-15.0.1.el8
  • plymouth-plugin-script 0.9.3-15.0.1.el8
  • plymouth-plugin-space-flares 0.9.3-15.0.1.el8
  • plymouth-plugin-throbgress 0.9.3-15.0.1.el8
  • plymouth-plugin-two-step 0.9.3-15.0.1.el8
  • plymouth-scripts 0.9.3-15.0.1.el8
  • plymouth-system-theme 0.9.3-15.0.1.el8
  • plymouth-theme-charge 0.9.3-15.0.1.el8
  • plymouth-theme-fade-in 0.9.3-15.0.1.el8
  • plymouth-theme-script 0.9.3-15.0.1.el8
  • plymouth-theme-solar 0.9.3-15.0.1.el8
  • plymouth-theme-spinfinity 0.9.3-15.0.1.el8
  • plymouth-theme-spinner 0.9.3-15.0.1.el8
  • wayland-protocols-devel 1.17-1.el8
  • webkit2gtk3 2.24.3-1.el8
  • webkit2gtk3-devel 2.24.3-1.el8
  • webkit2gtk3-jsc 2.24.3-1.el8
  • webkit2gtk3-jsc-devel 2.24.3-1.el8
  • webkit2gtk3-plugin-process-gtk2 2.24.3-1.el8

Related CVEs

Related vulnerabilities

CVSS3: 7.8
ubuntu
about 6 years ago

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

CVSS3: 4.5
redhat
about 6 years ago

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

CVSS3: 7.8
nvd
about 6 years ago

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

CVSS3: 7.8
debian
about 6 years ago

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x bef ...

CVSS3: 5.5
ubuntu
about 6 years ago

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.