You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa Nautilus

Sigurnosni nedostatak programskog paketa Nautilus

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201908-27
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: Nautilus: Security bypass
Date: August 31, 2019
Bugs: #692784
ID: 201908-27

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

A vulnerability in Nautilus may allow attackers to escape the sandbox.

Background
==========

Default file manager for the GNOME desktop

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 gnome-base/nautilus < 3.30.5-r1 >= 3.30.5-r1

Description
===========

A vulnerability was discovered in Nautilus which allows an attacker to
escape the sandbox.

Impact
======

A local attacker could possibly bypass sandbox protection.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Nautilus users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=gnome-base/nautilus-3.30.5-r1”

References
==========

[ 1 ] CVE-2019-11461
https://nvd.nist.gov/vuln/detail/CVE-2019-11461

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201908-27

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

—–BEGIN PGP SIGNATURE—–

iQGTBAEBCgB9FiEEExKRzo+LDXJgXHuURObr3Jv2BVkFAl1qjLRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDEz
MTI5MUNFOEY4QjBENzI2MDVDN0I5NDQ0RTZFQkRDOUJGNjA1NTkACgkQRObr3Jv2
BVm9FggArhm4qpjkbIsnHixkpuLxpQIqUQVkbBMM7nHd78iqlWWeGEgYa2CO0M5y
yDzkqdmJx6iu2tbD5eO/nM0QiB3+d+2J691XV7MtU1JnTgp59eRnBR0Gic/xy8kN
kbZNx9GurdUpO8+VUWTDE8h1CKiyJ6o8buEv0QhhI82cGsuuQRBwCep3+XXD3fAf
tR9zFA0OZ47Xsqf7h/7BjfCxs3A6/7caXOzEgmXPx0wMhYQPgGpxC4w8cHCyDo0F
QJ/7RBGvciGHLp4If8A1DTfGD9y8XSEn3j0DnKiXlUZQw03Z9NKQNU55JcwZS2Vi
W4NlsII36gbo3+4R3QC7uYPaqd9CFg==
=BNja
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libofx

Otkriveni su sigurnosni nedostaci programske biblioteke libofx za operacijski sustav Gentoo. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja ili...

Close