Stay Secure with the Latest Linux Advisories

security advisoryfedoracritical

Fedora 40: FEDORA-2024-635a54eb7e Critical: Gnome-Shell Unicast Threat

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix does not break the screencast feature.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-635a54eb7e 2024-05-12 04:16:43.337255 -------------------------------------------------------------------------------- Name : gnome-shell Product : Fedora 40 Version : 46.1 Release : 2.fc40 URL : https://wiki.gnome.org/Projects/GnomeShell Summary : Window management and application launching for GNOME Description : GNOME Shell provides core user interface functions for the GNOME 3 desktop, like switching to windows and launching applications. GNOME Shell takes advantage of the capabilities of modern graphics hardware and introduces innovative user interface concepts to provide a visually attractive and easy to use experience. -------------------------------------------------------------------------------- Update Information: Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix does not break the screencast feature. -------------------------------------------------------------------------------- ChangeLog: * Tue May 7 2024 Michael Catanzaro - 46.1-2 - Fix screencast proxy bus name -------------------------------------------------------------------------------- References: [ 1 ] Bug #2279637 - CVE-2024-34397 glib2: Signal subscription vulnerabilities [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2279637 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-635a54eb7e' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . A patch for gnome-shell rectifies CVE-2024-34397, mitigating unicast spoofing vulnerabilities while retaining the integrity of screencast features.. gnome-shell update, Fedora security, unicast threat mitigation. . Severity: Critical. LinuxSecurity.com Team

May 12, 2024 •Critical Fedora