Описание
Security update for gnome-shell
This update for gnome-shell fixes the following issues:
- CVE-2024-36472: Fixed portal helper automatically launched without user confirmation (bsc#1225567)
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
gnome-extensions-41.9-150400.3.11.1
gnome-shell-41.9-150400.3.11.1
gnome-shell-devel-41.9-150400.3.11.1
gnome-shell-lang-41.9-150400.3.11.1
SUSE Linux Enterprise Workstation Extension 15 SP5
gnome-shell-calendar-41.9-150400.3.11.1
openSUSE Leap 15.5
gnome-extensions-41.9-150400.3.11.1
gnome-shell-41.9-150400.3.11.1
gnome-shell-calendar-41.9-150400.3.11.1
gnome-shell-devel-41.9-150400.3.11.1
gnome-shell-lang-41.9-150400.3.11.1
Ссылки
- Link for SUSE-SU-2024:2618-1
- E-Mail link for SUSE-SU-2024:2618-1
- SUSE Security Ratings
- SUSE Bug 1225567
- SUSE CVE CVE-2024-36472 page
Описание
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:gnome-extensions-41.9-150400.3.11.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:gnome-shell-41.9-150400.3.11.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:gnome-shell-devel-41.9-150400.3.11.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:gnome-shell-lang-41.9-150400.3.11.1
Ссылки
- CVE-2024-36472
- SUSE Bug 1225567