
Red Hat Enterprise Linux 8: RHSA-2019-3553-01 Low: GNOME Security Update

Red Hat
November 5, 2019
An update for GNOME is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

GNOME is the default desktop environment of Red Hat Enterprise Linux.
Security Fix(es):
* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)
* gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd (CVE-2019-12795)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

References

https://access.redhat.com/security/cve/CVE-2019-11459
https://access.redhat.com/security/cve/CVE-2019-12795
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source:
SDL-1.2.15-35.el8.src.rpm
accountsservice-0.6.50-7.el8.src.rpm
appstream-data-8-20190805.el8.src.rpm
baobab-3.28.0-2.el8.src.rpm
chrome-gnome-shell-10.1-6.el8.src.rpm
evince-3.28.4-3.el8.src.rpm
file-roller-3.28.1-2.el8.src.rpm
gdm-3.28.3-22.el8.src.rpm
gjs-1.56.2-3.el8.src.rpm
gnome-control-center-3.28.2-5.el8.src.rpm
gnome-desktop3-3.32.2-1.el8.src.rpm
gnome-remote-desktop-0.1.6-5.el8.src.rpm
gnome-settings-daemon-3.32.0-4.el8.src.rpm
gnome-shell-3.32.2-9.el8.src.rpm
gnome-shell-extensions-3.32.1-10.el8.src.rpm
gnome-software-3.30.6-2.el8.src.rpm
gnome-tweaks-3.28.1-6.el8.src.rpm
gtk3-3.22.30-4.el8.src.rpm
gvfs-1.36.2-6.el8.src.rpm
mutter-3.32.2-10.el8.src.rpm
nautilus-3.28.1-10.el8.src.rpm
pango-1.42.4-6.el8.src.rpm
pidgin-2.13.0-5.el8.src.rpm
plymouth-0.9.3-15.el8.src.rpm
wayland-protocols-1.17-1.el8.src.rpm
webkit2gtk3-2.24.3-1.el8.src.rpm

aarch64:
SDL-1.2.15-35.el8.aarch64.rpm
SDL-debuginfo-1.2.15-35.el8.aarch64.rpm
SDL-debugsource-1.2.15-35.el8.aarch64.rpm
SDL-devel-1.2.15-35.el8.aarch64.rpm
baobab-3.28.0-2.el8.aarch64.rpm
baobab-debuginfo-3.28.0-2.el8.aarch64.rpm
baobab-debugsource-3.28.0-2.el8.aarch64.rpm
evince-browser-plugin-debuginfo-3.28.4-3.el8.aarch64.rpm
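
To confirm that a host already carries the builds that fix the two CVEs, the following added example (not part of Red Hat's advisory) compares installed evince and gvfs builds against the fixed versions in the source package list above. It assumes the packages carry no epoch, uses a simplified form of RPM's version comparison without tilde or caret handling, and runs on a constructed sample of `rpm -q` output.

```python
import re

# Fixed builds taken from the advisory's source package list.
FIXED = {
    "evince": ("3.28.4", "3.el8", "CVE-2019-11459"),
    "gvfs": ("1.36.2", "6.el8", "CVE-2019-12795"),
}

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no tilde/caret handling). Returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(rpm_lines):
    """Return [(name, installed, fixed, cve)] for packages older than the fixed build."""
    stale = []
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in FIXED or "-" not in parts[1]:
            continue  # skip packages this check does not cover and malformed lines
        name, vr = parts
        version, release = vr.rsplit("-", 1)
        fver, frel, cve = FIXED[name]
        # Compare the version first; the release only breaks a tie.
        order = rpmvercmp(version, fver) or rpmvercmp(release, frel)
        if order < 0:
            stale.append((name, vr, f"{fver}-{frel}", cve))
    return stale

# Constructed sample of: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' evince gvfs
SAMPLE = """\
evince 3.28.4-2.el8
gvfs 1.36.2-6.el8
"""

if __name__ == "__main__":
    for name, have, want, cve in needs_update(SAMPLE):
        print(f"{name} {have} is older than {want} ({cve})")
```

On a real host, pass the output of the `rpm -q` command shown in the comment to `needs_update()` in place of `SAMPLE`.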



Severity: Low

Advisory ID: RHSA-2019:3553-01
Product: Red Hat Enterprise Linux
Issue date: 2019-11-05

Topic

An update for GNOME is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1662193 - [RFE] Read-Only lockdown for removable drives

1667136 - Backport rename support for desktop icons

1673011 - Appstream-data Needs refresh for RHEL 8

1674382 - Gnome session locks after login

1679127 - tweaks extensions status do not reflect reality

1680164 - gdm-screenshot doesn't work, we should drop it or fix it (or something)

1685811 - pango_fc_font_key_get_variations(key) causing crash when key is null

1687949 - [X11 Session] Pressing any Button on a Wacom Pen Tablet Buttons causes Core Dump

1690506 - [RHEL 8.1] mutter ignores multi-monitor layout defined in xorg.conf

1696708 - Rebase WebKitGTK to 2.24.2

1698520 - rebase gnome-shell to 3.32

1698884 - rebase mutter to 3.32

1698923 - rebase gjs to 3.32

1698929 - rebase gsd to 3.32

1698930 - rebase gsettings-desktop-schemas to 3.32

1704355 - Add an option to disable the hot corner

1704360 - A more traditional workspace switcher for classic mode

1704378 - Bring in disable-screenshield from RHEL7

1705583 - org.gnome.baobab.gschema.xml not valid against DTD

1706793 - circles wallpaper interferes with date and time on lockscreen

1709937 - Add "mount-removable-storage-devices-as-read-only" option

1713080 - [accountsservice] possible memory leak in Gnome

1713330 - Backport password override commit

1713453 - Rebase gnome-shell-extensions to 3.32

1713685 - Rebase wayland-protocols to 1.17
