You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke GNOME desktop library

Sigurnosni nedostatak programske biblioteke GNOME desktop library

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201908-28
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: GNOME desktop library: Security bypass
Date: August 31, 2019
Bugs: #692782
ID: 201908-28

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

A vulnerability in the GNOME desktop library may allow attackers to
escape the sandbox.

Background
==========

Library with common API for various GNOME modules.

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 gnome-base/gnome-desktop
< 3.30.2.3 >= 3.30.2.3

Description
===========

A vulnerability was discovered in the GNOME desktop library which
allows an attacker to escape the sandbox.

Impact
======

A local attacker could possibly bypass sandbox protection.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNOME desktop library users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot -v “>=gnome-base/gnome-desktop-3.30.2.3”

References
==========

[ 1 ] CVE-2019-11460
https://nvd.nist.gov/vuln/detail/CVE-2019-11460

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201908-28

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

—–BEGIN PGP SIGNATURE—–

iQGTBAEBCgB9FiEEExKRzo+LDXJgXHuURObr3Jv2BVkFAl1q40FfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDEz
MTI5MUNFOEY4QjBENzI2MDVDN0I5NDQ0RTZFQkRDOUJGNjA1NTkACgkQRObr3Jv2
BVlWAgf+NT8T5jDm2F1eQoJoad/3XM3y5QF5o4/ERs/CJjXvpAyXXg4iKq4+eHwI
TT1mmRhh/iLtp/KteDhYaD/RucvoR8k1PDNM6OaBqUjOoO4FP9XE9Ih3iHR6H2+j
2s1lLRc9sl5/Y+b8AOIhW+UXFIRq9Nw5mLiNN0wwMTz2NGWCq6vrFU6NWYGmSsDS
9BuuTfmjxvpGdJ4ymm582SC8eNk1dXfxQmtLs1hsNZwxQKCwXX6xDMJ3S0r+WkgR
cMrkg/j0lpQAXc6unO+bRVem+WRUfQVZ8nHvF5+4y335+HrSggoS4/f60mSs9kUl
Iy5p6HVxjx0r9A3ht/fEiP2KGIgb7g==
=PzLs
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libmirage

Otkriven je sigurnosni nedostatak programske biblioteke libmirage za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog koda....

Close