RHSA-2020:1766-01 -- Redhat LibRaw, accountsservice, appstream-data, clutter, evince, gdm, gjs, gnome-boxes, gnome-control-center, gnome-menus, gnome-online-accounts, gnome-remote-desktop, gnome-session, gnome-settings-daemon, gnome-shell, gnome-software, gnome-terminal, gnome-tweaks, gtk3, libvncserver, mutter, nautilus, vinagre, baobab, gvfs, gsettings-desktop-schemas, libxslt, mozjs52, mozjs60, vala
ID: oval:org.secpod.oval:def:69544 | Date: (C)2021-03-02 (M)2023-12-20 |
Class: PATCH | Family: unix |
GNOME is the default desktop environment of Red Hat Enterprise Linux.

Security Fix:
* LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp
* gdm: lock screen bypass when timed login is enabled
* gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c
* gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write
* gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the CentOS 8.2 Release Notes linked from the References section.

4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed :
Platform: |
Red Hat Enterprise Linux 8 |
Product: |
LibRaw |
accountsservice |
appstream-data |
clutter |
evince |
gdm |
gjs |
gnome-boxes |
gnome-control-center |
gnome-menus |
gnome-online-accounts |
gnome-remote-desktop |
gnome-session |
gnome-settings-daemon |
gnome-shell |
gnome-software |
gnome-terminal |
gnome-tweaks |
gtk3 |
libvncserver |
mutter |
nautilus |
vinagre |
baobab |
gvfs |
gsettings-desktop-schemas |
libxslt |
mozjs52 |
mozjs60 |