Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Red Hat 8: RHSA-2020-1766-01 Moderate: GNOME Security Update

red hat
Calendar Grey April 28, 2020
Dist Redhat Esm H88
Update available for GNOME on RHEL 8, fixing various issues with moderate security impact.
An update for GNOME is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

GNOME is the default desktop environment of Red Hat Enterprise Linux.
Security Fix(es):
* LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (CVE-2018-20337)
* gdm: lock screen bypass when timed login is enabled (CVE-2019-3825)
* gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c (CVE-2019-12447)
* gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write (CVE-2019-12448)
* gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges (CVE-2019-12449)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

References

https://access.redhat.com/security/cve/CVE-2018-20337 https://access.redhat.com/security/cve/CVE-2019-3825 https://access.redhat.com/security/cve/CVE-2019-12447 https://access.redhat.com/security/cve/CVE-2019-12448 https://access.redhat.com/security/cve/CVE-2019-12449 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: LibRaw-0.19.5-1.el8.src.rpm accountsservice-0.6.50-8.el8.src.rpm appstream-data-8-20191129.el8.src.rpm clutter-1.26.2-8.el8.src.rpm evince-3.28.4-4.el8.src.rpm gdm-3.28.3-29.el8.src.rpm gjs-1.56.2-4.el8.src.rpm gnome-boxes-3.28.5-8.el8.src.rpm gnome-control-center-3.28.2-19.el8.src.rpm gnome-menus-3.13.3-11.el8.src.rpm gnome-online-accounts-3.28.2-1.el8.src.rpm gnome-remote-desktop-0.1.6-8.el8.src.rpm gnome-session-3.28.1-8.el8.src.rpm gnome-settings-daemon-3.32.0-9.el8.src.rpm gnome-shell-3.32.2-14.el8.src.rpm gnome-software-3.30.6-3.el8.src.rpm gnome-terminal-3.28.3-1.el8.src.rpm gnome-tweaks-3.28.1-7.el8.src.rpm gtk3-3.22.30-5.el8.src.rpm libvncserver-0.9.11-14.el8.src.rpm mutter-3.32.2-34.el8.src.rpm nautilus-3.28.1-12.el8.src.rpm vinagre-3.22.0-21.el8.src.rpm baobab-3.28.0-4.el8.src.rpm gvfs-1.36.2-8.el8.src.rpm
aarch64: accountsservice-0.6.50-8.el8.aarch64.rpm accountsservice-debuginfo-0.6.50-8.el8.aarch64.rpm accountsservice-debugsource-0.6.50-8.el8.aarch64.rpm accountsservice-libs-0.6.50-8.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.50-8.el8.aarch64.rpm baobab-3.28.0-4.el8.aarch64.rpm baobab-debuginfo-3.28.0-4.el8.aarch64.rpm baobab-debugsource-3.28.0-4.el8.aarch64.rpm clutter-1.26.2-8.el8.aarch64.rpm

Read the Full Advisory


Advisory ID: RHSA-2020:1766-01
Product: Red Hat Enterprise Linux
Issue date: 2020-04-28

Topic

An update for GNOME is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1365717 - Spice Guest's resolution doesn't update after login the guest

1656988 - network: add vpn dialog looks odd

1658001 - Wacom tablet still shown after removal

1661555 - CVE-2018-20337 LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp

1666070 - Wacom Cintiq 22HD and 22HD Touch are Missing Touch Strip Mode Selection

1668901 - Cannot Add Keyboard Layout to Login Screen

1671744 - Rebase libraw to 0.19.5

1672825 - CVE-2019-3825 gdm: lock screen bypass when timed login is enabled

1674535 - Rebase to 3.28.2

1684729 - gnome-remote-desktop prompts for password after set to ask for permission

1687979 - [X11 Session] Various Wacom Screen Tablets Behave Like the Mode Strip Only has one Mode

1690170 - [nvidia binary] Panning incorrectly sets boundaries and creates artifacting outside of boundaries

1692299 - Crash of control center when wired network info window is closed while another module is in the background

1710882 - Allow multiple XDMCP sessions in parallel from the same user account

1715890 - should throw redhat-menus into a ditch

1716754 - Tapping is disabled on Wacom touchpads

1716761 - Lower stylus button does not work

1716767 - Dragging an icon with a stylus has weird side-effects

1716774 - Tablet ring mappings aren't reflected in the OSD

1719819 - Gnome garbage collection leak [rhel-8]

1720249 - Offer subscription enrollment in gnome-settings-daemon

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.