Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
203
security advisorycriticalnetwork threatMageia 9 MGASA-2024-0314 Critical gnome-shell JavaScript Threat
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the . MGASA-2024-0314 - Updated gnome-shell packages fix security vulnerability Publication date: 27 Sep 2024 URL: https://advisories.mageia.org/MGASA-2024-0314.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-36472 In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior. (CVE-2024-36472) References: - https://bugs.mageia.org/show_bug.cgi?id=33434 - https://lists.suse.com/pipermail/sle-updates/2024-July/036098.html - https://ubuntu.com/security/notices/USN-6963-1 - https://www.cve.org/CVERecord?id=CVE-2024-36472 SRPMS: - 9/core/gnome-shell-44.2-1.2.mga9 . Revised gnome-shell updates for Mageia address security vulnerabilities and resource concerns. Release date: 27 Sep 2024.. Gnome Shell Security,Mageia Advisory,JavaScript Threats,Network Vulnerabilities,Resource Risks. . Severity: Critical. LinuxSecurity.com Team
Sep 27, 2024
•Critical
Mageia
203
security advisorycriticallocal accessMageia 9 MGASA-2023-0311 Critical: Gnome Shell Local Access Risk
The updated packages fix a security vulnerability: GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. . MGASA-2023-0311 - Updated gnome-shell packages fix a security vulnerability Publication date: 09 Nov 2023 URL: https://advisories.mageia.org/MGASA-2023-0311.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-43090 The updated packages fix a security vulnerability: GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. (CVE-2023-43090) References: - https://bugs.mageia.org/show_bug.cgi?id=32320 - https://ubuntu.com/security/notices/USN-6395-1 - https://www.cve.org/CVERecord?id=CVE-2023-43090 SRPMS: - 9/core/gnome-shell-44.2-1.1.mga9 . Revised gnome-shell installations address a vulnerability affecting local session entry. Important specifics outlined.. Gnome Shell Security Update, Mageia Security Advisory, Local User Access Risk. . Severity: Critical. LinuxSecurity.com Team
Nov 09, 2023
•Critical
Mageia
172
security advisorylocal threatlow severityUbuntu 23.04 USN-6395-1 Low Severity: GNOME Shell Local Threat
GNOME Shell could be made to expose sensitive information.. ========================================================================== Ubuntu Security Notice USN-6395-1 September 21, 2023 gnome-shell vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 Summary: GNOME Shell could be made to expose sensitive information. Software Description: - gnome-shell: graphical shell for the GNOME desktop Details: Mickael Karatekin discovered that GNOME Shell incorrectly allowed the screenshot tool to view open windows when a session was locked. A local attacker could possibly use this issue to obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: gnome-shell 44.3-0ubuntu1.1 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6395-1 CVE-2023-43090 Package Information: https://launchpad.net/ubuntu/+source/gnome-shell/44.3-0ubuntu1.1 . The Ubuntu Security Advisory USN-6396-1 highlights a vulnerability in the GNOME Desktop environment that may lead to unauthorized data exposure, necessitating immediate updates.. GNOME Shell, Security Update, Sensitive Information, Local Attack, Ubuntu Security Notice. . Severity: Low. LinuxSecurity.com Team
Sep 21, 2023
•Low
Ubuntu
91
security advisorydenial of servicegentooGentoo: GLSA-202208-33 Normal: Gnome Shell Denial Of Service
A vulnerability has been found in libcroco which could result in denial of service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-33 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Gnome Shell, gettext, libcroco: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #722752, #755848, #769998 ID: 202208-33 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability has been found in libcroco which could result in denial of service. Background ========= GNOME Shell provides core user interface functions for the GNOME desktop, like switching to windows and launching applications. gettext contains the GNU locale utilities. libcroco is a standalone CSS2 parsing and manipulation library. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libcroco < 0.6.13 > = 0.6.13 2 gnome-base/gnome-shell < 3.36.7 > = 3.36.7 3 sys-devel/gettext < 0.21 > = 0.21 Description ========== The cr_parser_parse_any_core function in libcroco's cr-parser.c does not limit recursion, leading to a denial of service via a stack overflow when trying to parse crafted CSS. Gnome Shell and gettext bundle libcroco in their own sources and thus are potentially vulnerable as well. Impact ===== An attacker with control over the input to the library can cause a denial of service. Workaround ========= There is no known workaround at this time. Resolution ========= All gettext users should upgrade tothe latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =sys-devel/gettext-0.21" All Gnome Shell users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =gnome-base/gnome-shell-3.36.7" All libcroco users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-libs/libcroco-0.6.13" References ========= [ 1 ] CVE-2020-12825 https://nvd.nist.gov/vuln/detail/CVE-2020-12825 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-33 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Aug 20, 2022
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!