Description
Moderate: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of Rocky Linux.
Security Fix(es):
- LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (CVE-2018-20337)
- gdm: lock screen bypass when timed login is enabled (CVE-2019-3825)
- gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c (CVE-2019-12447)
- gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write (CVE-2019-12448)
- gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges (CVE-2019-12449)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
Affected products
Rocky Linux 8
References
Fixes
- Red Hat - 1365717
- Red Hat - 1656988
- Red Hat - 1658001
- Red Hat - 1661555
- Red Hat - 1666070
- Red Hat - 1668901
- Red Hat - 1671744
- Red Hat - 1672825
- Red Hat - 1674535
- Red Hat - 1684729
- Red Hat - 1687979
- Red Hat - 1690170
- Red Hat - 1692299
- Red Hat - 1710882
- Red Hat - 1715890
- Red Hat - 1716754
- Red Hat - 1716761
- Red Hat - 1716767
- Red Hat - 1716774
- Red Hat - 1719819
Related vulnerabilities
ELSA-2020-1766: GNOME security, bug fix, and enhancement update (MODERATE)
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.