RHSA-2018:3140-01 -- Redhat PackageKit, accountsservice, adwaita-icon-theme, appstream-data, at-spi2-atk, at-spi2-core, atk, baobab, bolt, brasero, cairo, cheese, clutter-gst3, compat-exiv2-023, control-center, dconf, dconf-editor, ekiga, empathy, eog, evince, evolution, evolution-data-server, evolution-ews, evolution-mapi, file-roller, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk-pixbuf2, gdm, gedit, gedit-plugins, geoclue2, geocode-glib, gjs, glade, glib-networking, glib2, glibmm24, gnome-bluetooth, gnome-boxes, gnome-calculator, gnome-clocks, gnome-color-manager, gnome-contacts, gnome-desktop3, gnome-dictionary, gnome-disk-utility, gnome-documents, gnome-font-viewer, gnome-getting-started-docs, gnome-initial-setup, gnome-keyring, gnome-online-accounts, gnome-online-miners, gnome-packagekit, gnome-screenshot, gnome-session, gnome-settings-daemon, gnome-shell, gnome-shell-extensions, gnome-software, gnome-system-monitor, gnome-terminal, gnome-themes-standard, gnome-tweak-tool, gnome-user-docs, gnote, gobject-introspection, gom, google-noto-emoji-fonts, grilo, grilo-plugins, gsettings-desktop-schemas, gspell, gssdp, gstreamer1-plugins-base, gtk3, gtksourceview3, gucharmap, gupnp, gupnp-igd, gvfs, harfbuzz, json-glib, libappstream-glib, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libjpeg-turbo, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwnck3, mozjs52, mutter, nautilus, nautilus-sendto, openchange, osinfo-db, pango, poppler, pyatspi, redhat-logos, rest, rhythmbox, seahorse-nautilus, shotwell, sushi, totem, totem-pl-parser, upower, vino, vte291, wayland, wayland-protocols, webkitgtk4, xdg-desktop-portal, xdg-desktop-portal-gtk, yelp, yelp-xsl, zenity, devhelp, gnome-backgrounds, gtk-doc, vala, yelp-tools, gnome-devel-docs
GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fix: * libsoup: Crash in soup_cookie_jar.c:get_cookies on empty hostnames * poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph function allows denial of service * libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c * libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c * poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength allows for denial of service via crafted PDF * poppler: out of bounds read in pdfunite For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Red Hat would like to thank chenyuan for reporting CVE-2018-10733 and CVE-2018-10767 and Hosein Askari for reporting CVE-2018-13988. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
|
 |
30479 |
 |
423868 |
 |
248364 |
 |
909 |
 |
195388 |
 |
282 |
