Описание
Security update for gnome-shell
This update for gnome-shell fixes the following issues:
- CVE-2024-36472: Fixed portal helper automatically launched without user confirmation (bsc#1225567)
Список пакетов
SUSE Linux Enterprise Server 12 SP5
gnome-shell-3.20.4-77.28.1
gnome-shell-browser-plugin-3.20.4-77.28.1
gnome-shell-lang-3.20.4-77.28.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
gnome-shell-3.20.4-77.28.1
gnome-shell-browser-plugin-3.20.4-77.28.1
gnome-shell-lang-3.20.4-77.28.1
SUSE Linux Enterprise Software Development Kit 12 SP5
gnome-shell-devel-3.20.4-77.28.1
SUSE Linux Enterprise Workstation Extension 12 SP5
gnome-shell-calendar-3.20.4-77.28.1
Ссылки
- Link for SUSE-SU-2024:2589-1
- E-Mail link for SUSE-SU-2024:2589-1
- SUSE Security Ratings
- SUSE Bug 1225567
- SUSE CVE CVE-2024-36472 page
Описание
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:gnome-shell-3.20.4-77.28.1
SUSE Linux Enterprise Server 12 SP5:gnome-shell-browser-plugin-3.20.4-77.28.1
SUSE Linux Enterprise Server 12 SP5:gnome-shell-lang-3.20.4-77.28.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:gnome-shell-3.20.4-77.28.1
Ссылки
- CVE-2024-36472
- SUSE Bug 1225567