RLSA-2020:4451
See a problem?- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2020:4451.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2020:4451
- Related
- Published
- 2020-11-03T12:05:56Z
- Modified
- 2023-02-02T12:50:45.694088Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Moderate: GNOME security, bug fix, and enhancement update
- Details
-
GNOME is the default desktop environment of Rocky Linux.
The following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk (1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406)
Security Fix(es):
webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793)
gnome-settings-daemon: Rocky Enterprise Software Foundation Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)
LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2020:4451
- https://bugzilla.redhat.com/show_bug.cgi?id=1207179
- https://bugzilla.redhat.com/show_bug.cgi?id=1566027
- https://bugzilla.redhat.com/show_bug.cgi?id=1569868
- https://bugzilla.redhat.com/show_bug.cgi?id=1652178
- https://bugzilla.redhat.com/show_bug.cgi?id=1656262
- https://bugzilla.redhat.com/show_bug.cgi?id=1668895
- https://bugzilla.redhat.com/show_bug.cgi?id=1692536
- https://bugzilla.redhat.com/show_bug.cgi?id=1706008
- https://bugzilla.redhat.com/show_bug.cgi?id=1706076
- https://bugzilla.redhat.com/show_bug.cgi?id=1715845
- https://bugzilla.redhat.com/show_bug.cgi?id=1719937
- https://bugzilla.redhat.com/show_bug.cgi?id=1758891
- https://bugzilla.redhat.com/show_bug.cgi?id=1775345
- https://bugzilla.redhat.com/show_bug.cgi?id=1778579
- https://bugzilla.redhat.com/show_bug.cgi?id=1779691
- https://bugzilla.redhat.com/show_bug.cgi?id=1794045
- https://bugzilla.redhat.com/show_bug.cgi?id=1804719
- https://bugzilla.redhat.com/show_bug.cgi?id=1805929
- https://bugzilla.redhat.com/show_bug.cgi?id=1811721
- https://bugzilla.redhat.com/show_bug.cgi?id=1814820
- https://bugzilla.redhat.com/show_bug.cgi?id=1816070
- https://bugzilla.redhat.com/show_bug.cgi?id=1816678
- https://bugzilla.redhat.com/show_bug.cgi?id=1816684
- https://bugzilla.redhat.com/show_bug.cgi?id=1816686
- https://bugzilla.redhat.com/show_bug.cgi?id=1817143
- https://bugzilla.redhat.com/show_bug.cgi?id=1820759
- https://bugzilla.redhat.com/show_bug.cgi?id=1820760
- https://bugzilla.redhat.com/show_bug.cgi?id=1824362
- https://bugzilla.redhat.com/show_bug.cgi?id=1827030
- https://bugzilla.redhat.com/show_bug.cgi?id=1829369
- https://bugzilla.redhat.com/show_bug.cgi?id=1832347
- https://bugzilla.redhat.com/show_bug.cgi?id=1833158
- https://bugzilla.redhat.com/show_bug.cgi?id=1837381
- https://bugzilla.redhat.com/show_bug.cgi?id=1837406
- https://bugzilla.redhat.com/show_bug.cgi?id=1837413
- https://bugzilla.redhat.com/show_bug.cgi?id=1837648
- https://bugzilla.redhat.com/show_bug.cgi?id=1840080
- https://bugzilla.redhat.com/show_bug.cgi?id=1840788
- https://bugzilla.redhat.com/show_bug.cgi?id=1843486
- https://bugzilla.redhat.com/show_bug.cgi?id=1844578
- https://bugzilla.redhat.com/show_bug.cgi?id=1846191
- https://bugzilla.redhat.com/show_bug.cgi?id=1847051
- https://bugzilla.redhat.com/show_bug.cgi?id=1847061
- https://bugzilla.redhat.com/show_bug.cgi?id=1847062
- https://bugzilla.redhat.com/show_bug.cgi?id=1847203
- https://bugzilla.redhat.com/show_bug.cgi?id=1853477
- https://bugzilla.redhat.com/show_bug.cgi?id=1854734
- https://bugzilla.redhat.com/show_bug.cgi?id=1866332
- https://bugzilla.redhat.com/show_bug.cgi?id=1868260
- https://bugzilla.redhat.com/show_bug.cgi?id=1872270
- https://bugzilla.redhat.com/show_bug.cgi?id=1873093
- https://bugzilla.redhat.com/show_bug.cgi?id=1873963
- https://bugzilla.redhat.com/show_bug.cgi?id=1876462
- https://bugzilla.redhat.com/show_bug.cgi?id=1876463
- https://bugzilla.redhat.com/show_bug.cgi?id=1876465
- https://bugzilla.redhat.com/show_bug.cgi?id=1876468
- https://bugzilla.redhat.com/show_bug.cgi?id=1876470
- https://bugzilla.redhat.com/show_bug.cgi?id=1876472
- https://bugzilla.redhat.com/show_bug.cgi?id=1876473
- https://bugzilla.redhat.com/show_bug.cgi?id=1876476
- https://bugzilla.redhat.com/show_bug.cgi?id=1876516
- https://bugzilla.redhat.com/show_bug.cgi?id=1876518
- https://bugzilla.redhat.com/show_bug.cgi?id=1876521
- https://bugzilla.redhat.com/show_bug.cgi?id=1876522
- https://bugzilla.redhat.com/show_bug.cgi?id=1876523
- https://bugzilla.redhat.com/show_bug.cgi?id=1876536
- https://bugzilla.redhat.com/show_bug.cgi?id=1876537
- https://bugzilla.redhat.com/show_bug.cgi?id=1876540
- https://bugzilla.redhat.com/show_bug.cgi?id=1876543
- https://bugzilla.redhat.com/show_bug.cgi?id=1876545
- https://bugzilla.redhat.com/show_bug.cgi?id=1876548
- https://bugzilla.redhat.com/show_bug.cgi?id=1876549
- https://bugzilla.redhat.com/show_bug.cgi?id=1876550
- https://bugzilla.redhat.com/show_bug.cgi?id=1876552
- https://bugzilla.redhat.com/show_bug.cgi?id=1876553
- https://bugzilla.redhat.com/show_bug.cgi?id=1876554
- https://bugzilla.redhat.com/show_bug.cgi?id=1876555
- https://bugzilla.redhat.com/show_bug.cgi?id=1876556
- https://bugzilla.redhat.com/show_bug.cgi?id=1876590
- https://bugzilla.redhat.com/show_bug.cgi?id=1876591
- https://bugzilla.redhat.com/show_bug.cgi?id=1876594
- https://bugzilla.redhat.com/show_bug.cgi?id=1876607
- https://bugzilla.redhat.com/show_bug.cgi?id=1876611
- https://bugzilla.redhat.com/show_bug.cgi?id=1876617
- https://bugzilla.redhat.com/show_bug.cgi?id=1876619
- https://bugzilla.redhat.com/show_bug.cgi?id=1877853
- https://bugzilla.redhat.com/show_bug.cgi?id=1879532
- https://bugzilla.redhat.com/show_bug.cgi?id=1879535
- https://bugzilla.redhat.com/show_bug.cgi?id=1879536
- https://bugzilla.redhat.com/show_bug.cgi?id=1879538
- https://bugzilla.redhat.com/show_bug.cgi?id=1879540
- https://bugzilla.redhat.com/show_bug.cgi?id=1879541
- https://bugzilla.redhat.com/show_bug.cgi?id=1879545
- https://bugzilla.redhat.com/show_bug.cgi?id=1879557
- https://bugzilla.redhat.com/show_bug.cgi?id=1879559
- https://bugzilla.redhat.com/show_bug.cgi?id=1879563
- https://bugzilla.redhat.com/show_bug.cgi?id=1879564
- https://bugzilla.redhat.com/show_bug.cgi?id=1879566
- https://bugzilla.redhat.com/show_bug.cgi?id=1879568
- https://bugzilla.redhat.com/show_bug.cgi?id=1880339
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:8 / dleyna-renderer
Package
- Name
- dleyna-renderer
- Purl
- pkg:rpm/rocky-linux/dleyna-renderer?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / frei0r-plugins
Package
- Name
- frei0r-plugins
- Purl
- pkg:rpm/rocky-linux/frei0r-plugins?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / gnome-remote-desktop
Package
- Name
- gnome-remote-desktop
- Purl
- pkg:rpm/rocky-linux/gnome-remote-desktop?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / gnome-session
Package
- Name
- gnome-session
- Purl
- pkg:rpm/rocky-linux/gnome-session?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / gsettings-desktop-schemas
Package
- Name
- gsettings-desktop-schemas
- Purl
- pkg:rpm/rocky-linux/gsettings-desktop-schemas?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / gtk3
Package
- Name
- gtk3
- Purl
- pkg:rpm/rocky-linux/gtk3?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / LibRaw
Package
- Name
- LibRaw
- Purl
- pkg:rpm/rocky-linux/LibRaw?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / libsoup
Package
- Name
- libsoup
- Purl
- pkg:rpm/rocky-linux/libsoup?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / PackageKit
Package
- Name
- PackageKit
- Purl
- pkg:rpm/rocky-linux/PackageKit?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / PackageKit
Package
- Name
- PackageKit
- Purl
- pkg:rpm/rocky-linux/PackageKit?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / pipewire0.2
Package
- Name
- pipewire0.2
- Purl
- pkg:rpm/rocky-linux/pipewire0.2?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / pipewire
Package
- Name
- pipewire
- Purl
- pkg:rpm/rocky-linux/pipewire?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / potrace
Package
- Name
- potrace
- Purl
- pkg:rpm/rocky-linux/potrace?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / pygobject3
Package
- Name
- pygobject3
- Purl
- pkg:rpm/rocky-linux/pygobject3?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / tracker
Package
- Name
- tracker
- Purl
- pkg:rpm/rocky-linux/tracker?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / vte291
Package
- Name
- vte291
- Purl
- pkg:rpm/rocky-linux/vte291?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / webrtc-audio-processing
Package
- Name
- webrtc-audio-processing
- Purl
- pkg:rpm/rocky-linux/webrtc-audio-processing?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / xdg-desktop-portal-gtk
Package
- Name
- xdg-desktop-portal-gtk
- Purl
- pkg:rpm/rocky-linux/xdg-desktop-portal-gtk?distro=rocky-linux-8-4-legacy&epoch=0