RHSA-2018:3140-01 -- Redhat PackageKit, accountsservice, adwaita-icon-theme, appstream-data, at-spi2-atk, at-spi2-core, atk, baobab, bolt, brasero, cairo, cheese, clutter-gst3, compat-exiv2-023, control-center, dconf, dconf-editor, ekiga, empathy, eog, evince, evolution, evolution-data-server, evolution-ews, evolution-mapi, file-roller, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk-pixbuf2, gdm, gedit, gedit-plugins, geoclue2, geocode-glib, gjs, glade, glib-networking, glib2, glibmm24, gnome-bluetooth, gnome-boxes, gnome-calculator, gnome-clocks, gnome-color-manager, gnome-contacts, gnome-desktop3, gnome-dictionary, gnome-disk-utility, gnome-documents, gnome-font-viewer, gnome-getting-started-docs, gnome-initial-setup, gnome-keyring, gnome-online-accounts, gnome-online-miners, gnome-packagekit, gnome-screenshot, gnome-session, gnome-settings-daemon, gnome-shell, gnome-shell-extensions, gnome-software, gnome-system-monitor, gnome-terminal, gnome-themes-standard, gnome-tweak-tool, gnome-user-docs, gnote, gobject-introspection, gom, google-noto-emoji-fonts, grilo, grilo-plugins, gsettings-desktop-schemas, gspell, gssdp, gstreamer1-plugins-base, gtk3, gtksourceview3, gucharmap, gupnp, gupnp-igd, gvfs, harfbuzz, json-glib, libappstream-glib, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libjpeg-turbo, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwnck3, mozjs52, mutter, nautilus, nautilus-sendto, openchange, osinfo-db, pango, poppler, pyatspi, redhat-logos, rest, rhythmbox, seahorse-nautilus, shotwell, sushi, totem, totem-pl-parser, upower, vino, vte291, wayland, wayland-protocols, webkitgtk4, xdg-desktop-portal, xdg-desktop-portal-gtk, yelp, yelp-xsl, zenity, devhelp, gnome-backgrounds, gtk-doc, vala, yelp-tools, gnome-devel-docsID: oval:org.secpod.oval:def:68481 | Date: (C)2021-01-22 (M)2023-11-18 | Class: PATCH | Family: unix |
GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fix: * libsoup: Crash in soup_cookie_jar.c:get_cookies on empty hostnames * poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph function allows denial of service * libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c * libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c * poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength allows for denial of service via crafted PDF * poppler: out of bounds read in pdfunite For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Red Hat would like to thank chenyuan for reporting CVE-2018-10733 and CVE-2018-10767 and Hosein Askari for reporting CVE-2018-13988. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section. Platform: | Red Hat Enterprise Linux 7 |
Product: | PackageKit | accountsservice | adwaita-icon-theme | appstream-data | at-spi2-atk | at-spi2-core | atk | baobab | bolt | brasero | cairo | cheese | clutter-gst3 | compat-exiv2-023 | control-center | dconf | dconf-editor | ekiga | empathy | eog | evince | evolution | evolution-data-server | evolution-ews | evolution-mapi | file-roller | flatpak | folks | fontconfig | freetype | fribidi | fwupd | fwupdate | gcr | gdk-pixbuf2 | gdm | gedit | gedit-plugins | geoclue2 | geocode-glib | gjs | glade | glib-networking | glib2 | glibmm24 | gnome-bluetooth | gnome-boxes | gnome-calculator | gnome-clocks | gnome-color-manager | gnome-contacts | gnome-desktop3 | gnome-dictionary | gnome-disk-utility | gnome-documents | gnome-font-viewer | gnome-getting-started-docs | gnome-initial-setup | gnome-keyring | gnome-online-accounts | gnome-online-miners | gnome-packagekit | gnome-screenshot | gnome-session | gnome-settings-daemon | gnome-shell | gnome-shell-extensions | gnome-software | gnome-system-monitor | gnome-terminal | gnome-themes-standard | gnome-tweak-tool | gnome-user-docs | gnote | gobject-introspection | gom | google-noto-emoji-fonts | grilo | grilo-plugins | gsettings-desktop-schemas | gspell | gssdp | gstreamer1-plugins-base | gtk3 | gtksourceview3 | gucharmap | gupnp | gupnp-igd | gvfs | harfbuzz | json-glib | libappstream-glib | libchamplain | libcroco | libgdata | libgee | libgepub | libgexiv2 | libgnomekbd | libgovirt | libgtop2 | libgweather | libgxps | libical | libjpeg-turbo | libmediaart | libosinfo | libpeas | librsvg2 | libsecret | libsoup | libwnck3 | mozjs52 | mutter | nautilus | nautilus-sendto | openchange | osinfo-db | pango | poppler | pyatspi | redhat-logos | rest | rhythmbox | seahorse-nautilus | shotwell | sushi | totem | totem-pl-parser | upower | vino | vte291 | wayland | wayland-protocols | webkitgtk4 | xdg-desktop-portal | xdg-desktop-portal-gtk | yelp | yelp-xsl | zenity | yelp-tools |
|