Red Hat Enterprise Linux 8 update for GNOME



Published: 2020-04-28
Risk: Critical
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2018-20337, CVE-2019-3825, CVE-2019-12447, CVE-2019-12448, CVE-2019-12449
CWE-ID: CWE-121, CWE-264, CWE-362
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software
libvncserver (Red Hat package)
Operating systems & Components / Operating system package or component

gnome-boxes (Red Hat package)
Operating systems & Components / Operating system package or component

nautilus (Red Hat package)
Operating systems & Components / Operating system package or component

mutter (Red Hat package)
Operating systems & Components / Operating system package or component

mozjs60 (Red Hat package)
Operating systems & Components / Operating system package or component

gtk3 (Red Hat package)
Operating systems & Components / Operating system package or component

gsettings-desktop-schemas (Red Hat package)
Operating systems & Components / Operating system package or component

gnome-tweaks (Red Hat package)
Operating systems & Components / Operating system package or component

gnome-software (Red Hat package)
Operating systems & Components / Operating system package or component

gnome-shell (Red Hat package)
Operating systems & Components / Operating system package or component

gnome-settings-daemon (Red Hat package)
Operating systems & Components / Operating system package or component

gnome-remote-desktop (Red Hat package)
Operating systems & Components / Operating system package or component

gnome-control-center (Red Hat package)
Operating systems & Components / Operating system package or component

gjs (Red Hat package)
Operating systems & Components / Operating system package or component

gdm (Red Hat package)
Operating systems & Components / Operating system package or component

evince (Red Hat package)
Operating systems & Components / Operating system package or component

appstream-data (Red Hat package)
Operating systems & Components / Operating system package or component

accountsservice (Red Hat package)
Operating systems & Components / Operating system package or component

vala (Red Hat package)
Operating systems & Components / Operating system package or component

vinagre (Red Hat package)
Operating systems & Components / Operating system package or component

mozjs52 (Red Hat package)
Operating systems & Components / Operating system package or component

libxslt (Red Hat package)
Operating systems & Components / Operating system package or component

gnome-terminal (Red Hat package)
Operating systems & Components / Operating system package or component

gnome-session (Red Hat package)
Operating systems & Components / Operating system package or component

gnome-online-accounts (Red Hat package)
Operating systems & Components / Operating system package or component

gnome-menus (Red Hat package)
Operating systems & Components / Operating system package or component

clutter (Red Hat package)
Operating systems & Components / Operating system package or component

LibRaw (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat CodeReady Linux Builder for ARM 64
Operating systems & Components / Operating system

Red Hat CodeReady Linux Builder for Power, little endian
Operating systems & Components / Operating system

Red Hat CodeReady Linux Builder for x86_64
Operating systems & Components / Operating system

Red Hat Enterprise Linux for ARM 64
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, little endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

Vendor: Red Hat Inc.

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Stack-based buffer overflow

EUVDB-ID: #VU16692

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-20337

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp. A remote attacker can trick the victim into opening a specially crafted input, trigger memory corruption and perform a DoS attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libvncserver (Red Hat package): 0.9.11-9.el8_0.2 - 0.9.11-9.el8_1.2

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

gnome-boxes (Red Hat package): 3.28.5-7.el8

nautilus (Red Hat package): 3.28.1-10.el8

mutter (Red Hat package): 3.32.2-10.el8

mozjs60 (Red Hat package): 60.9.0-3.el8

gtk3 (Red Hat package): 3.22.30-4.el8

gsettings-desktop-schemas (Red Hat package): 3.32.0-3.el8

gnome-tweaks (Red Hat package): 3.28.1-6.el8

gnome-software (Red Hat package): 3.30.6-2.el8

gnome-shell (Red Hat package): 3.32.2-9.el8

gnome-settings-daemon (Red Hat package): 3.32.0-4.el8

gnome-remote-desktop (Red Hat package): 0.1.6-5.el8

gnome-control-center (Red Hat package): 3.28.2-5.el8

gjs (Red Hat package): 1.56.2-3.el8

gdm (Red Hat package): 3.28.3-22.el8

evince (Red Hat package): 3.28.4-3.el8

appstream-data (Red Hat package): 8-20190805.el8

accountsservice (Red Hat package): 0.6.50-7.el8

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

vala (Red Hat package): before 0.40.19-1.el8

vinagre (Red Hat package): before 3.22.0-21.el8

mozjs52 (Red Hat package): before 52.9.0-2.el8

libxslt (Red Hat package): before 1.1.32-4.el8

gnome-terminal (Red Hat package): before 3.28.3-1.el8

gnome-session (Red Hat package): before 3.28.1-8.el8

gnome-online-accounts (Red Hat package): before 3.28.2-1.el8

gnome-menus (Red Hat package): before 3.13.3-11.el8

clutter (Red Hat package): before 1.26.2-8.el8

LibRaw (Red Hat package): before 0.19.5-1.el8

External links

http://access.redhat.com/errata/RHSA-2020:1766


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Security restrictions bypass

EUVDB-ID: #VU17666

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3825

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a physical attacker to bypass security restrictions on the system.

The vulnerability exists due to improper security restrictions imposed by the affected software when timed login is enabled. A local attacker with physical access can select the timed login user and wait for the timer to expire, which allows the attacker to bypass security restrictions and gain access to the logged-in user's session on the targeted system.
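The precondition named above is that timed login is enabled, so a host audit can start there. The following is an added example, not part of the original bulletin or of GDM's code: it parses GDM's `custom.conf` and reports whether timed login is active. It assumes the usual RHEL path `/etc/gdm/custom.conf` and GDM's `[daemon]` keys `TimedLoginEnable`, `TimedLogin` and `TimedLoginDelay`; the sample configurations are constructed.

```python
import configparser
import sys

# Constructed samples of /etc/gdm/custom.conf (not taken from the bulletin).
SAMPLE_EXPOSED = """\
[daemon]
TimedLoginEnable=true
TimedLogin=kiosk
TimedLoginDelay=10
AutomaticLoginEnable=false
"""

SAMPLE_SAFE = """\
[daemon]
# TimedLoginEnable=true
WaylandEnable=false

[security]
"""


def timed_login_status(conf_text):
    """Return (active, user, delay_seconds) for GDM timed login.

    'active' is True only when TimedLoginEnable is true AND a TimedLogin
    user is configured, since the flag alone names no account to log in.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case; GDM's key file is case-sensitive
    cp.read_string(conf_text)
    if not cp.has_section("daemon"):
        return (False, None, None)
    daemon = cp["daemon"]
    flag = daemon.get("TimedLoginEnable", "false").strip().lower()
    user = (daemon.get("TimedLogin") or "").strip() or None
    raw_delay = (daemon.get("TimedLoginDelay") or "").strip()
    delay = int(raw_delay) if raw_delay.isdigit() else None
    return (flag in ("true", "1") and user is not None, user, delay)


if __name__ == "__main__":
    # Assumed default path; pass another path as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/gdm/custom.conf"
    try:
        with open(path, encoding="utf-8") as fh:
            active, user, delay = timed_login_status(fh.read())
    except OSError as exc:
        sys.exit(f"cannot read {path}: {exc}")
    print(f"timed login active={active} user={user} delay={delay}")
    sys.exit(1 if active else 0)
```

A non-zero exit status marks a host where the timed-login precondition holds, which is useful for prioritising the update on kiosks and shared workstations.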

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libvncserver (Red Hat package): 0.9.11-9.el8_0.2 - 0.9.11-9.el8_1.2

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

gnome-boxes (Red Hat package): 3.28.5-7.el8

nautilus (Red Hat package): 3.28.1-10.el8

mutter (Red Hat package): 3.32.2-10.el8

mozjs60 (Red Hat package): 60.9.0-3.el8

gtk3 (Red Hat package): 3.22.30-4.el8

gsettings-desktop-schemas (Red Hat package): 3.32.0-3.el8

gnome-tweaks (Red Hat package): 3.28.1-6.el8

gnome-software (Red Hat package): 3.30.6-2.el8

gnome-shell (Red Hat package): 3.32.2-9.el8

gnome-settings-daemon (Red Hat package): 3.32.0-4.el8

gnome-remote-desktop (Red Hat package): 0.1.6-5.el8

gnome-control-center (Red Hat package): 3.28.2-5.el8

gjs (Red Hat package): 1.56.2-3.el8

gdm (Red Hat package): 3.28.3-22.el8

evince (Red Hat package): 3.28.4-3.el8

appstream-data (Red Hat package): 8-20190805.el8

accountsservice (Red Hat package): 0.6.50-7.el8

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

vala (Red Hat package): before 0.40.19-1.el8

vinagre (Red Hat package): before 3.22.0-21.el8

mozjs52 (Red Hat package): before 52.9.0-2.el8

libxslt (Red Hat package): before 1.1.32-4.el8

gnome-terminal (Red Hat package): before 3.28.3-1.el8

gnome-session (Red Hat package): before 3.28.1-8.el8

gnome-online-accounts (Red Hat package): before 3.28.2-1.el8

gnome-menus (Red Hat package): before 3.13.3-11.el8

clutter (Red Hat package): before 1.26.2-8.el8

LibRaw (Red Hat package): before 0.19.5-1.el8

External links

http://access.redhat.com/errata/RHSA-2020:1766


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU18678

Risk: Critical

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-12447

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because functionality in the daemon/gvfsbackendadmin.c file does not make use of the "setfsuid" call when handling ownership permissions. A remote attacker can gain unauthorized access to arbitrary files on a system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libvncserver (Red Hat package): 0.9.11-9.el8_0.2 - 0.9.11-9.el8_1.2

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

gnome-boxes (Red Hat package): 3.28.5-7.el8

nautilus (Red Hat package): 3.28.1-10.el8

mutter (Red Hat package): 3.32.2-10.el8

mozjs60 (Red Hat package): 60.9.0-3.el8

gtk3 (Red Hat package): 3.22.30-4.el8

gsettings-desktop-schemas (Red Hat package): 3.32.0-3.el8

gnome-tweaks (Red Hat package): 3.28.1-6.el8

gnome-software (Red Hat package): 3.30.6-2.el8

gnome-shell (Red Hat package): 3.32.2-9.el8

gnome-settings-daemon (Red Hat package): 3.32.0-4.el8

gnome-remote-desktop (Red Hat package): 0.1.6-5.el8

gnome-control-center (Red Hat package): 3.28.2-5.el8

gjs (Red Hat package): 1.56.2-3.el8

gdm (Red Hat package): 3.28.3-22.el8

evince (Red Hat package): 3.28.4-3.el8

appstream-data (Red Hat package): 8-20190805.el8

accountsservice (Red Hat package): 0.6.50-7.el8

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

vala (Red Hat package): before 0.40.19-1.el8

vinagre (Red Hat package): before 3.22.0-21.el8

mozjs52 (Red Hat package): before 52.9.0-2.el8

libxslt (Red Hat package): before 1.1.32-4.el8

gnome-terminal (Red Hat package): before 3.28.3-1.el8

gnome-session (Red Hat package): before 3.28.1-8.el8

gnome-online-accounts (Red Hat package): before 3.28.2-1.el8

gnome-menus (Red Hat package): before 3.13.3-11.el8

clutter (Red Hat package): before 1.26.2-8.el8

LibRaw (Red Hat package): before 0.19.5-1.el8

External links

http://access.redhat.com/errata/RHSA-2020:1766


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Race condition

EUVDB-ID: #VU18677

Risk: High

CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-12448

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to overwrite or access sensitive information, or cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists due to race conditions in the daemon/gvfsbackendadmin.c source code file because the admin backend does not implement the query_info_on_read/write functionality. A remote attacker can send a request with malicious input to the system and cause a race condition that allows the attacker to overwrite or access sensitive information or cause a DoS condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libvncserver (Red Hat package): 0.9.11-9.el8_0.2 - 0.9.11-9.el8_1.2

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

gnome-boxes (Red Hat package): 3.28.5-7.el8

nautilus (Red Hat package): 3.28.1-10.el8

mutter (Red Hat package): 3.32.2-10.el8

mozjs60 (Red Hat package): 60.9.0-3.el8

gtk3 (Red Hat package): 3.22.30-4.el8

gsettings-desktop-schemas (Red Hat package): 3.32.0-3.el8

gnome-tweaks (Red Hat package): 3.28.1-6.el8

gnome-software (Red Hat package): 3.30.6-2.el8

gnome-shell (Red Hat package): 3.32.2-9.el8

gnome-settings-daemon (Red Hat package): 3.32.0-4.el8

gnome-remote-desktop (Red Hat package): 0.1.6-5.el8

gnome-control-center (Red Hat package): 3.28.2-5.el8

gjs (Red Hat package): 1.56.2-3.el8

gdm (Red Hat package): 3.28.3-22.el8

evince (Red Hat package): 3.28.4-3.el8

appstream-data (Red Hat package): 8-20190805.el8

accountsservice (Red Hat package): 0.6.50-7.el8

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

vala (Red Hat package): before 0.40.19-1.el8

vinagre (Red Hat package): before 3.22.0-21.el8

mozjs52 (Red Hat package): before 52.9.0-2.el8

libxslt (Red Hat package): before 1.1.32-4.el8

gnome-terminal (Red Hat package): before 3.28.3-1.el8

gnome-session (Red Hat package): before 3.28.1-8.el8

gnome-online-accounts (Red Hat package): before 3.28.2-1.el8

gnome-menus (Red Hat package): before 3.13.3-11.el8

clutter (Red Hat package): before 1.26.2-8.el8

LibRaw (Red Hat package): before 0.19.5-1.el8

External links

http://access.redhat.com/errata/RHSA-2020:1766


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU18676

Risk: Critical

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-12449

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to mishandling of file user and group ownership in the daemon/gvfsbackendadmin.c file. "G_FILE_COPY_ALL_METADATA" operations from admin:// URIs to file:// URIs during move and copy are handled by the GNOME Input/Output (GIO) fallback code, which does not run with root permissions. A remote attacker can gain unauthorized access to arbitrary file information on a system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libvncserver (Red Hat package): 0.9.11-9.el8_0.2 - 0.9.11-9.el8_1.2

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

gnome-boxes (Red Hat package): 3.28.5-7.el8

nautilus (Red Hat package): 3.28.1-10.el8

mutter (Red Hat package): 3.32.2-10.el8

mozjs60 (Red Hat package): 60.9.0-3.el8

gtk3 (Red Hat package): 3.22.30-4.el8

gsettings-desktop-schemas (Red Hat package): 3.32.0-3.el8

gnome-tweaks (Red Hat package): 3.28.1-6.el8

gnome-software (Red Hat package): 3.30.6-2.el8

gnome-shell (Red Hat package): 3.32.2-9.el8

gnome-settings-daemon (Red Hat package): 3.32.0-4.el8

gnome-remote-desktop (Red Hat package): 0.1.6-5.el8

gnome-control-center (Red Hat package): 3.28.2-5.el8

gjs (Red Hat package): 1.56.2-3.el8

gdm (Red Hat package): 3.28.3-22.el8

evince (Red Hat package): 3.28.4-3.el8

appstream-data (Red Hat package): 8-20190805.el8

accountsservice (Red Hat package): 0.6.50-7.el8

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

vala (Red Hat package): before 0.40.19-1.el8

vinagre (Red Hat package): before 3.22.0-21.el8

mozjs52 (Red Hat package): before 52.9.0-2.el8

libxslt (Red Hat package): before 1.1.32-4.el8

gnome-terminal (Red Hat package): before 3.28.3-1.el8

gnome-session (Red Hat package): before 3.28.1-8.el8

gnome-online-accounts (Red Hat package): before 3.28.2-1.el8

gnome-menus (Red Hat package): before 3.13.3-11.el8

clutter (Red Hat package): before 1.26.2-8.el8

LibRaw (Red Hat package): before 0.19.5-1.el8

External links

http://access.redhat.com/errata/RHSA-2020:1766


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


