A vulnerability has been discovered in Nautilus, which can lead to a denial of service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202408-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Nautilus: Denial of Service
     Date: August 09, 2024
     Bugs: #881509
       ID: 202408-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Nautilus, which can lead to a denial of service.

Background
==========

Default file manager for the GNOME desktop

Affected packages
=================

Package              Vulnerable    Unaffected
-------------------  ------------  ------------
gnome-base/nautilus  < 44.0        >= 44.0

Description
===========

Please review the CVE identifier referenced below for details.

Impact
======

GNOME Nautilus allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Nautilus users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=gnome-base/nautilus-44.0"

References
==========

[ 1 ] CVE-2022-37290
      https://nvd.nist.gov/vuln/detail/CVE-2022-37290

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-17

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

Update to 42.6.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-f81ad89b81
2023-01-25 02:34:55.408530
--------------------------------------------------------------------------------

Name        : nautilus
Product     : Fedora 36
Version     : 42.6
Release     : 1.fc36
URL         :
Summary     : File manager for GNOME
Description :
Nautilus is the file manager and graphical shell for the GNOME desktop that makes it easy to manage your files and the rest of your system. It allows to browse directories on local and remote filesystems, preview files and launch applications associated with them. It is also responsible for handling the icons on the GNOME desktop.

--------------------------------------------------------------------------------
Update Information:

Update to 42.6
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 9 2023 Ondrej Holy - 42.6-1
- Update to 42.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2149911 - CVE-2022-37290 nautilus: NULL pointer dereference via pasting crafted zip file
        https://bugzilla.redhat.com/show_bug.cgi?id=2149911
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-f81ad89b81' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --

Update to 43.2.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-dbe1157188
2023-01-10 01:21:22.549914
--------------------------------------------------------------------------------

Name        : nautilus
Product     : Fedora 37
Version     : 43.2
Release     : 1.fc37
URL         :
Summary     : File manager for GNOME
Description :
Nautilus is the file manager and graphical shell for the GNOME desktop that makes it easy to manage your files and the rest of your system. It allows to browse directories on local and remote filesystems, preview files and launch applications associated with them. It is also responsible for handling the icons on the GNOME desktop.

--------------------------------------------------------------------------------
Update Information:

Update to 43.2
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 8 2023 David King - 43.2-1
- Update to 43.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2149911 - CVE-2022-37290 nautilus: NULL pointer dereference via pasting crafted zip file
        https://bugzilla.redhat.com/show_bug.cgi?id=2149911
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-dbe1157188' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --

GNOME Files could be made to crash if it opened a specially crafted file.

=========================================================================
Ubuntu Security Notice USN-5786-1
January 05, 2023

nautilus vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

GNOME Files could be made to crash if it opened a specially crafted file.

Software Description:
- nautilus: file manager and graphical shell for GNOME

Details:

It was discovered that GNOME Files incorrectly handled certain filenames. An attacker could possibly use this issue to cause GNOME Files to crash, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  nautilus 1:43.0-1ubuntu2.1

Ubuntu 22.04 LTS:
  nautilus 1:42.2-0ubuntu2.1

Ubuntu 20.04 LTS:
  nautilus 1:3.36.3-0ubuntu1.20.04.2

Ubuntu 18.04 LTS:
  nautilus 1:3.26.4-0~ubuntu18.04.6

After a standard system update you need to restart your session to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5786-1
  CVE-2022-37290

Package Information:
  https://launchpad.net/ubuntu/+source/nautilus/1:43.0-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/nautilus/1:3.36.3-0ubuntu1.20.04.2

GNOME Files within Ubuntu might encounter crashes due to specially designed files, necessitating updates for nautilus across multiple versions.
GNOME Files, Ubuntu Updates, Nautilus Security.
Severity: Important.
LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for nautilus
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0006-1
Rating:             moderate
References:         #1205418
Cross-References:   CVE-2022-37290
CVSS scores:
                    CVE-2022-37290 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-37290 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for nautilus fixes the following issues:

- CVE-2022-37290: Fixed a denial of service caused by pasted ZIP archives (bsc#1205418).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2023-6=1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-6=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

  gnome-shell-search-provider-nautilus-41.5-150400.3.6.1
  libnautilus-extension1-41.5-150400.3.6.1
  libnautilus-extension1-debuginfo-41.5-150400.3.6.1
  nautilus-41.5-150400.3.6.1
  nautilus-debuginfo-41.5-150400.3.6.1
  nautilus-debugsource-41.5-150400.3.6.1
  nautilus-devel-41.5-150400.3.6.1
  typelib-1_0-Nautilus-3_0-41.5-150400.3.6.1

- openSUSE Leap 15.4 (noarch):

  nautilus-lang-41.5-150400.3.6.1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

  gnome-shell-search-provider-nautilus-41.5-150400.3.6.1
  libnautilus-extension1-41.5-150400.3.6.1
  libnautilus-extension1-debuginfo-41.5-150400.3.6.1
  nautilus-41.5-150400.3.6.1
  nautilus-debuginfo-41.5-150400.3.6.1
  nautilus-debugsource-41.5-150400.3.6.1
  nautilus-devel-41.5-150400.3.6.1
  typelib-1_0-Nautilus-3_0-41.5-150400.3.6.1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch):

  nautilus-lang-41.5-150400.3.6.1

References:

  https://www.suse.com/security/cve/CVE-2022-37290.html
  https://bugzilla.suse.com/1205418

A new security update for Gnome Files has been issued to address a possible denial of service vulnerability in openSUSE. Apply it promptly to protect your system.
SUSE Update, Nautilus Fix, Software Patch, Moderate Severity, Linux Security.
LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for nautilus
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4393-1
Rating:             moderate
References:         #1205418
Cross-References:   CVE-2022-37290
CVSS scores:
                    CVE-2022-37290 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-37290 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for nautilus fixes the following issues:

- CVE-2022-37290: Fixed a denial of service caused by pasted ZIP archives (bsc#1205418).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-4393=1

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-4393=1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4393=1

Package List:

- openSUSE Leap 15.4 (x86_64):

  libnautilus-extension1-32bit-3.34.3-150200.4.6.1
  libnautilus-extension1-32bit-debuginfo-3.34.3-150200.4.6.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

  gnome-shell-search-provider-nautilus-3.34.3-150200.4.6.1
  libnautilus-extension1-3.34.3-150200.4.6.1
  libnautilus-extension1-debuginfo-3.34.3-150200.4.6.1
  nautilus-3.34.3-150200.4.6.1
  nautilus-debuginfo-3.34.3-150200.4.6.1
  nautilus-debugsource-3.34.3-150200.4.6.1
  nautilus-devel-3.34.3-150200.4.6.1
  typelib-1_0-Nautilus-3_0-3.34.3-150200.4.6.1

- openSUSE Leap 15.3 (x86_64):

  libnautilus-extension1-32bit-3.34.3-150200.4.6.1
  libnautilus-extension1-32bit-debuginfo-3.34.3-150200.4.6.1

- openSUSE Leap 15.3 (noarch):

  nautilus-lang-3.34.3-150200.4.6.1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

  gnome-shell-search-provider-nautilus-3.34.3-150200.4.6.1
  libnautilus-extension1-3.34.3-150200.4.6.1
  libnautilus-extension1-debuginfo-3.34.3-150200.4.6.1
  nautilus-3.34.3-150200.4.6.1
  nautilus-debuginfo-3.34.3-150200.4.6.1
  nautilus-debugsource-3.34.3-150200.4.6.1
  nautilus-devel-3.34.3-150200.4.6.1
  typelib-1_0-Nautilus-3_0-3.34.3-150200.4.6.1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch):

  nautilus-lang-3.34.3-150200.4.6.1

References:

  https://www.suse.com/security/cve/CVE-2022-37290.html
  https://bugzilla.suse.com/1205418

SUSE has released a crucial security patch for nautilus addressing the service interruption flaw CVE-2022-37290. Ensure you're up to date!
SUSE Security Update, Nautilus Security Fix, Denial of Service, Moderate Security Advisory.
LinuxSecurity.com Team

GNOME 40.rc.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-303f6623fa
2021-03-20 00:16:30.596999
--------------------------------------------------------------------------------

Name        : nautilus
Product     : Fedora 34
Version     : 40~rc
Release     : 1.fc34
URL         :
Summary     : File manager for GNOME
Description :
Nautilus is the file manager and graphical shell for the GNOME desktop that makes it easy to manage your files and the rest of your system. It allows to browse directories on local and remote filesystems, preview files and launch applications associated with them. It is also responsible for handling the icons on the GNOME desktop.

--------------------------------------------------------------------------------
Update Information:

GNOME 40.rc
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 15 2021 Kalev Lember - 40~rc-1
- Update to 40.rc
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1925640 - CVE-2020-36241 gnome-autoar: directory traversal via a malicious archive that contains a file whose parent is a symbolic link which points outside of the destination directory
        https://bugzilla.redhat.com/show_bug.cgi?id=1925640
  [ 2 ] Bug #1940026 - CVE-2021-28650 gnome-autoar: directory traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations
        https://bugzilla.redhat.com/show_bug.cgi?id=1940026
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-303f6623fa' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --