Oval Definition:oval:com.redhat.rhsa:def:20201766
Revision Date:2020-04-28Version:639
Title:RHSA-2020:1766: GNOME security, bug fix, and enhancement update (Moderate)
Description:GNOME is the default desktop environment of Red Hat Enterprise Linux.

Security Fix(es):

  • LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (CVE-2018-20337)

  • gdm: lock screen bypass when timed login is enabled (CVE-2019-3825)

  • gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c (CVE-2019-12447)

  • gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write (CVE-2019-12448)

  • gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges (CVE-2019-12449)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2018-20337
    CVE-2019-12447
    CVE-2019-12448
    CVE-2019-12449
    CVE-2019-3825
    RHSA-2020:1766
    Platform(s):Red Hat Enterprise Linux 8
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 8 is installed
  • OR Red Hat CoreOS 4 is installed
  • AND
  • gvfs is earlier than 0:1.36.2-8.el8
  • AND gvfs is signed with Red Hat redhatrelease2 key
  • gvfs-afc is earlier than 0:1.36.2-8.el8
  • AND gvfs-afc is signed with Red Hat redhatrelease2 key
  • gvfs-afp is earlier than 0:1.36.2-8.el8
  • AND gvfs-afp is signed with Red Hat redhatrelease2 key
  • gvfs-archive is earlier than 0:1.36.2-8.el8
  • AND gvfs-archive is signed with Red Hat redhatrelease2 key
  • gvfs-client is earlier than 0:1.36.2-8.el8
  • AND gvfs-client is signed with Red Hat redhatrelease2 key
  • gvfs-devel is earlier than 0:1.36.2-8.el8
  • AND gvfs-devel is signed with Red Hat redhatrelease2 key
  • gvfs-fuse is earlier than 0:1.36.2-8.el8
  • AND gvfs-fuse is signed with Red Hat redhatrelease2 key
  • gvfs-goa is earlier than 0:1.36.2-8.el8
  • AND gvfs-goa is signed with Red Hat redhatrelease2 key
  • gvfs-gphoto2 is earlier than 0:1.36.2-8.el8
  • AND gvfs-gphoto2 is signed with Red Hat redhatrelease2 key
  • gvfs-mtp is earlier than 0:1.36.2-8.el8
  • AND gvfs-mtp is signed with Red Hat redhatrelease2 key
  • gvfs-smb is earlier than 0:1.36.2-8.el8
  • AND gvfs-smb is signed with Red Hat redhatrelease2 key
  • baobab is earlier than 0:3.28.0-4.el8
  • AND baobab is signed with Red Hat redhatrelease2 key
  • LibRaw is earlier than 0:0.19.5-1.el8
  • AND LibRaw is signed with Red Hat redhatrelease2 key
  • LibRaw-devel is earlier than 0:0.19.5-1.el8
  • AND LibRaw-devel is signed with Red Hat redhatrelease2 key
  • evince is earlier than 0:3.28.4-4.el8
  • AND evince is signed with Red Hat redhatrelease2 key
  • evince-browser-plugin is earlier than 0:3.28.4-4.el8
  • AND evince-browser-plugin is signed with Red Hat redhatrelease2 key
  • evince-libs is earlier than 0:3.28.4-4.el8
  • AND evince-libs is signed with Red Hat redhatrelease2 key
  • evince-nautilus is earlier than 0:3.28.4-4.el8
  • AND evince-nautilus is signed with Red Hat redhatrelease2 key
  • gnome-online-accounts is earlier than 0:3.28.2-1.el8
  • AND gnome-online-accounts is signed with Red Hat redhatrelease2 key
  • gnome-online-accounts-devel is earlier than 0:3.28.2-1.el8
  • AND gnome-online-accounts-devel is signed with Red Hat redhatrelease2 key
  • gtk-update-icon-cache is earlier than 0:3.22.30-5.el8
  • AND gtk-update-icon-cache is signed with Red Hat redhatrelease2 key
  • gtk3 is earlier than 0:3.22.30-5.el8
  • AND gtk3 is signed with Red Hat redhatrelease2 key
  • gtk3-devel is earlier than 0:3.22.30-5.el8
  • AND gtk3-devel is signed with Red Hat redhatrelease2 key
  • gtk3-immodule-xim is earlier than 0:3.22.30-5.el8
  • AND gtk3-immodule-xim is signed with Red Hat redhatrelease2 key
  • gsettings-desktop-schemas is earlier than 0:3.32.0-4.el8
  • AND gsettings-desktop-schemas is signed with Red Hat redhatrelease2 key
  • gsettings-desktop-schemas-devel is earlier than 0:3.32.0-4.el8
  • AND gsettings-desktop-schemas-devel is signed with Red Hat redhatrelease2 key
  • gnome-session is earlier than 0:3.28.1-8.el8
  • AND gnome-session is signed with Red Hat redhatrelease2 key
  • gnome-session-wayland-session is earlier than 0:3.28.1-8.el8
  • AND gnome-session-wayland-session is signed with Red Hat redhatrelease2 key
  • gnome-session-xsession is earlier than 0:3.28.1-8.el8
  • AND gnome-session-xsession is signed with Red Hat redhatrelease2 key
  • gnome-settings-daemon is earlier than 0:3.32.0-9.el8
  • AND gnome-settings-daemon is signed with Red Hat redhatrelease2 key
  • gnome-remote-desktop is earlier than 0:0.1.6-8.el8
  • AND gnome-remote-desktop is signed with Red Hat redhatrelease2 key
  • appstream-data is earlier than 0:8-20191129.el8
  • AND appstream-data is signed with Red Hat redhatrelease2 key
  • gnome-menus is earlier than 0:3.13.3-11.el8
  • AND gnome-menus is signed with Red Hat redhatrelease2 key
  • gnome-menus-devel is earlier than 0:3.13.3-11.el8
  • AND gnome-menus-devel is signed with Red Hat redhatrelease2 key
  • nautilus is earlier than 0:3.28.1-12.el8
  • AND nautilus is signed with Red Hat redhatrelease2 key
  • nautilus-devel is earlier than 0:3.28.1-12.el8
  • AND nautilus-devel is signed with Red Hat redhatrelease2 key
  • nautilus-extensions is earlier than 0:3.28.1-12.el8
  • AND nautilus-extensions is signed with Red Hat redhatrelease2 key
  • gnome-terminal is earlier than 0:3.28.3-1.el8
  • AND gnome-terminal is signed with Red Hat redhatrelease2 key
  • gnome-terminal-nautilus is earlier than 0:3.28.3-1.el8
  • AND gnome-terminal-nautilus is signed with Red Hat redhatrelease2 key
  • accountsservice is earlier than 0:0.6.50-8.el8
  • AND accountsservice is signed with Red Hat redhatrelease2 key
  • accountsservice-devel is earlier than 0:0.6.50-8.el8
  • AND accountsservice-devel is signed with Red Hat redhatrelease2 key
  • accountsservice-libs is earlier than 0:0.6.50-8.el8
  • AND accountsservice-libs is signed with Red Hat redhatrelease2 key
  • libxslt is earlier than 0:1.1.32-4.el8
  • AND libxslt is signed with Red Hat redhatrelease2 key
  • libxslt-devel is earlier than 0:1.1.32-4.el8
  • AND libxslt-devel is signed with Red Hat redhatrelease2 key
  • vinagre is earlier than 0:3.22.0-21.el8
  • AND vinagre is signed with Red Hat redhatrelease2 key
  • gnome-boxes is earlier than 0:3.28.5-8.el8
  • AND gnome-boxes is signed with Red Hat redhatrelease2 key
  • gnome-software is earlier than 0:3.30.6-3.el8
  • AND gnome-software is signed with Red Hat redhatrelease2 key
  • gnome-software-editor is earlier than 0:3.30.6-3.el8
  • AND gnome-software-editor is signed with Red Hat redhatrelease2 key
  • gdm is earlier than 1:3.28.3-29.el8
  • AND gdm is signed with Red Hat redhatrelease2 key
  • mozjs52 is earlier than 0:52.9.0-2.el8
  • AND mozjs52 is signed with Red Hat redhatrelease2 key
  • mozjs52-devel is earlier than 0:52.9.0-2.el8
  • AND mozjs52-devel is signed with Red Hat redhatrelease2 key
  • vala is earlier than 0:0.40.19-1.el8
  • AND vala is signed with Red Hat redhatrelease2 key
  • vala-devel is earlier than 0:0.40.19-1.el8
  • AND vala-devel is signed with Red Hat redhatrelease2 key
  • mozjs60 is earlier than 0:60.9.0-4.el8
  • AND mozjs60 is signed with Red Hat redhatrelease2 key
  • mozjs60-devel is earlier than 0:60.9.0-4.el8
  • AND mozjs60-devel is signed with Red Hat redhatrelease2 key
  • gjs is earlier than 0:1.56.2-4.el8
  • AND gjs is signed with Red Hat redhatrelease2 key
  • gjs-devel is earlier than 0:1.56.2-4.el8
  • AND gjs-devel is signed with Red Hat redhatrelease2 key
  • gnome-tweaks is earlier than 0:3.28.1-7.el8
  • AND gnome-tweaks is signed with Red Hat redhatrelease2 key
  • clutter is earlier than 0:1.26.2-8.el8
  • AND clutter is signed with Red Hat redhatrelease2 key
  • clutter-devel is earlier than 0:1.26.2-8.el8
  • AND clutter-devel is signed with Red Hat redhatrelease2 key
  • clutter-doc is earlier than 0:1.26.2-8.el8
  • AND clutter-doc is signed with Red Hat redhatrelease2 key
  • gnome-control-center is earlier than 0:3.28.2-19.el8
  • AND gnome-control-center is signed with Red Hat redhatrelease2 key
  • gnome-control-center-filesystem is earlier than 0:3.28.2-19.el8
  • AND gnome-control-center-filesystem is signed with Red Hat redhatrelease2 key
  • gnome-shell is earlier than 0:3.32.2-14.el8
  • AND gnome-shell is signed with Red Hat redhatrelease2 key
  • mutter is earlier than 0:3.32.2-34.el8
  • AND mutter is signed with Red Hat redhatrelease2 key
  • mutter-devel is earlier than 0:3.32.2-34.el8
  • AND mutter-devel is signed with Red Hat redhatrelease2 key
  • libvncserver is earlier than 0:0.9.11-14.el8
  • AND libvncserver is signed with Red Hat redhatrelease2 key
  • libvncserver-devel is earlier than 0:0.9.11-14.el8
  • AND libvncserver-devel is signed with Red Hat redhatrelease2 key
    • BACK