RHSA-2020:4451-01 -- Centos LibRaw, PackageKit, dleyna-renderer, frei0r-plugins, gdm, gnome-control-center, gnome-photos, gnome-remote-desktop, gnome-session, gnome-settings-daemon, gnome-shell, gnome-shell-extensions, gnome-terminal, gtk3, gvfs, mutter, nautilus, pipewire, pipewire0.2, potrace, tracker, vte291, webkit2gtk3, webrtc-audio-processing, xdg-desktop-portal, xdg-desktop-portal-gtk, gsettings-desktop-schemas, libsoup, pygobject3, gtk-docID: oval:org.secpod.oval:def:68025 | Date: (C)2020-12-23 (M)2024-04-29 |
Class: PATCH | Family: unix |
GNOME is the default desktop environment of Red Hat Enterprise Linux. The following packages have been upgraded to a later upstream version: gnome-remote-desktop , pipewire , vte291 , webkit2gtk3 , xdg-desktop-portal , xdg-desktop-portal-gtk . Security Fix: * webkitgtk: Multiple security issues * gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center * LibRaw: lack of thumbnail size range check can lead to buffer overflow For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the CentOS 8.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 GDM must be restarted for this update to take effect. 5. Bugs fixed : 1207179 - Select items matching non existing pattern does not unselect already selected 1566027 - can"t correctly compute contents size if hidden files are included 1569868 - Browsing samba shares using gvfs is very slow 1652178 - [RFE] perf-tool run on wayland 1656262 - The terminal"s character display is unclear on rhel8 guest after installing gnome 1668895 - [RHEL8] Timedlogin Fails when Userlist is Disabled 1692536 - login screen shows after gnome-initial-setup 1706008 - Sound Effect sometimes fails to change to selected option. 1706076 - Automatic suspend for 90 minutes is set for 80 minutes instead. 1715845 - JS ERROR: TypeError: this._workspacesViews[i] is undefined 1719937 - GNOME Extension: Auto-Move-Windows Not Working Properly 1758891 - tracker-devel subpackage missing from el8 repos 1775345 - Rebase xdg-desktop-portal to 1.6 1778579 - Nautilus does not respect umask settings. 1779691 - Rebase xdg-desktop-portal-gtk to 1.6 1794045 - There are two different high contrast versions of desktop icons 1804719 - Update vte291 to 0.52.4 1805929 - RHEL 8.1 gnome-shell-extension errors 1811721 - CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp 1814820 - No checkbox to install updates in the shutdown dialog 1816070 - quot;search for an application to open this filequot; dialog broken 1816678 - CVE-2019-8846 webkitgtk: Use after free issue may lead to remote code execution 1816684 - CVE-2019-8835 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution 1816686 - CVE-2019-8844 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution 1817143 - Rebase WebKitGTK to 2.28 1820759 - Include IO stall fixes 1820760 - Include IO fixes 1824362 - [BZ] Setting in gnome-tweak-tool Window List will reset upon opening 1827030 - gnome-settings-daemon: subscription notification on CentOS Stream 1829369 - CVE-2020-11793 webkitgtk: use-after-free via crafted web content 1832347 - [Rebase] Rebase pipewire to 0.3.x 1833158 - gdm-related dconf folders and keyfiles are not found in fresh 8.2 install 1837381 - Backport screen cast improvements to 8.3 1837406 - Rebase gnome-remote-desktop to PipeWire 0.3 version 1837413 - Backport changes needed by xdg-desktop-portal-gtk-1.6
Product: |
LibRaw |
PackageKit |
dleyna-renderer |
frei0r-plugins |
gdm |
gnome-control-center |
gnome-photos |
gnome-remote-desktop |
gnome-session |
gnome-settings-daemon |
gnome-shell |
gnome-shell-extensions |
gnome-terminal |
gtk3 |
gvfs |
mutter |
nautilus |
pipewire |
pipewire0.2 |
potrace |
tracker |
vte291 |
webkit2gtk3 |
webrtc-audio-processing |
xdg-desktop-portal |
xdg-desktop-portal-gtk |
gsettings-desktop-schemas |
libsoup |
pygobject3 |