SUSE-SU-2024:2576-1

Опубликовано: 22 июл. 2024

Источник: suse-cvrf

Описание

Security update for gnome-shell

This update for gnome-shell fixes the following issues:

CVE-2024-36472: Fixed portal helper automatically launched without user confirmation (bsc#1225567)

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP6

gnome-extensions-45.3-150600.5.6.1

gnome-shell-45.3-150600.5.6.1

gnome-shell-devel-45.3-150600.5.6.1

gnome-shell-lang-45.3-150600.5.6.1

SUSE Linux Enterprise Workstation Extension 15 SP6

gnome-shell-calendar-45.3-150600.5.6.1

openSUSE Leap 15.6

gnome-extensions-45.3-150600.5.6.1

gnome-shell-45.3-150600.5.6.1

gnome-shell-calendar-45.3-150600.5.6.1

gnome-shell-devel-45.3-150600.5.6.1

gnome-shell-lang-45.3-150600.5.6.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242576-1/
Link for SUSE-SU-2024:2576-1
https://lists.suse.com/pipermail/sle-updates/2024-July/036098.html
E-Mail link for SUSE-SU-2024:2576-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1215485
SUSE Bug 1215485
https://bugzilla.suse.com/1225567
SUSE Bug 1225567
https://www.suse.com/security/cve/CVE-2023-43090/
SUSE CVE CVE-2023-43090 page
https://www.suse.com/security/cve/CVE-2024-36472/
SUSE CVE CVE-2024-36472 page

Описание

A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gnome-extensions-45.3-150600.5.6.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gnome-shell-45.3-150600.5.6.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gnome-shell-devel-45.3-150600.5.6.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gnome-shell-lang-45.3-150600.5.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-43090.html
CVE-2023-43090
https://bugzilla.suse.com/1215485
SUSE Bug 1215485

Описание

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gnome-extensions-45.3-150600.5.6.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gnome-shell-45.3-150600.5.6.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gnome-shell-devel-45.3-150600.5.6.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gnome-shell-lang-45.3-150600.5.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36472.html
CVE-2024-36472
https://bugzilla.suse.com/1225567
SUSE Bug 1225567

SUSE-SU-2024:2576-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP6

SUSE Linux Enterprise Workstation Extension 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2023-43090

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-36472

Описание

Затронутые продукты

Ссылки