RHEL 8 : GNOME (RHSA-2019:3553)

Severity: High. Nessus Plugin ID 130552

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3553 advisory.

GNOME is the default desktop environment of Red Hat Enterprise Linux.

Security Fix(es):

* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)

* gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd (CVE-2019-12795)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?b8d3b26b

http://www.nessus.org/u?ff517355

https://access.redhat.com/errata/RHSA-2019:3553

https://access.redhat.com/security/updates/classification/#low

https://bugzilla.redhat.com/show_bug.cgi?id=1662193

https://bugzilla.redhat.com/show_bug.cgi?id=1667136

https://bugzilla.redhat.com/show_bug.cgi?id=1673011

https://bugzilla.redhat.com/show_bug.cgi?id=1674382

https://bugzilla.redhat.com/show_bug.cgi?id=1679127

https://bugzilla.redhat.com/show_bug.cgi?id=1680164

https://bugzilla.redhat.com/show_bug.cgi?id=1685811

https://bugzilla.redhat.com/show_bug.cgi?id=1687949

https://bugzilla.redhat.com/show_bug.cgi?id=1690506

https://bugzilla.redhat.com/show_bug.cgi?id=1696708

https://bugzilla.redhat.com/show_bug.cgi?id=1698520

https://bugzilla.redhat.com/show_bug.cgi?id=1698884

https://bugzilla.redhat.com/show_bug.cgi?id=1698923

https://bugzilla.redhat.com/show_bug.cgi?id=1698929

https://bugzilla.redhat.com/show_bug.cgi?id=1698930

https://bugzilla.redhat.com/show_bug.cgi?id=1704355

https://bugzilla.redhat.com/show_bug.cgi?id=1704360

https://bugzilla.redhat.com/show_bug.cgi?id=1704378

https://bugzilla.redhat.com/show_bug.cgi?id=1705583

https://bugzilla.redhat.com/show_bug.cgi?id=1706793

https://bugzilla.redhat.com/show_bug.cgi?id=1709937

https://bugzilla.redhat.com/show_bug.cgi?id=1713080

https://bugzilla.redhat.com/show_bug.cgi?id=1713330

https://bugzilla.redhat.com/show_bug.cgi?id=1713453

https://bugzilla.redhat.com/show_bug.cgi?id=1713685

https://bugzilla.redhat.com/show_bug.cgi?id=1715738

https://bugzilla.redhat.com/show_bug.cgi?id=1715761

https://bugzilla.redhat.com/show_bug.cgi?id=1715765

https://bugzilla.redhat.com/show_bug.cgi?id=1716295

https://bugzilla.redhat.com/show_bug.cgi?id=1716771

https://bugzilla.redhat.com/show_bug.cgi?id=1718133

https://bugzilla.redhat.com/show_bug.cgi?id=1719241

https://bugzilla.redhat.com/show_bug.cgi?id=1719279

https://bugzilla.redhat.com/show_bug.cgi?id=1719779

https://bugzilla.redhat.com/show_bug.cgi?id=1720481

https://bugzilla.redhat.com/show_bug.cgi?id=1721195

https://bugzilla.redhat.com/show_bug.cgi?id=1721575

https://bugzilla.redhat.com/show_bug.cgi?id=1722047

https://bugzilla.redhat.com/show_bug.cgi?id=1722844

https://bugzilla.redhat.com/show_bug.cgi?id=1723467

https://bugzilla.redhat.com/show_bug.cgi?id=1723836

https://bugzilla.redhat.com/show_bug.cgi?id=1724551

https://bugzilla.redhat.com/show_bug.cgi?id=1725101

https://bugzilla.redhat.com/show_bug.cgi?id=1725107

https://bugzilla.redhat.com/show_bug.cgi?id=1725120

https://bugzilla.redhat.com/show_bug.cgi?id=1725555

https://bugzilla.redhat.com/show_bug.cgi?id=1725741

https://bugzilla.redhat.com/show_bug.cgi?id=1725766

https://bugzilla.redhat.com/show_bug.cgi?id=1725854

https://bugzilla.redhat.com/show_bug.cgi?id=1726093

https://bugzilla.redhat.com/show_bug.cgi?id=1726505

https://bugzilla.redhat.com/show_bug.cgi?id=1726656

https://bugzilla.redhat.com/show_bug.cgi?id=1728277

https://bugzilla.redhat.com/show_bug.cgi?id=1731372

https://bugzilla.redhat.com/show_bug.cgi?id=1735382

https://bugzilla.redhat.com/show_bug.cgi?id=1737326

https://bugzilla.redhat.com/show_bug.cgi?id=1739116

https://bugzilla.redhat.com/show_bug.cgi?id=1739117

https://bugzilla.redhat.com/show_bug.cgi?id=1741547

Plugin Details

Severity: High

ID: 130552

File Name: redhat-RHSA-2019-3553.nasl

Version: 1.7

Type: local

Agent: unix

Published: 11/6/2019

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

Vendor

Vendor Severity: Low

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-8689

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2019-8735

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-devel, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-workspace-indicator, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-top-icons, p-cpe:/a:redhat:enterprise_linux:libpurple-devel, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel, p-cpe:/a:redhat:enterprise_linux:mozjs60, p-cpe:/a:redhat:enterprise_linux:gnome-desktop3, p-cpe:/a:redhat:enterprise_linux:gnome-control-center-filesystem, p-cpe:/a:redhat:enterprise_linux:evince-libs, p-cpe:/a:redhat:enterprise_linux:gnome-classic-session, p-cpe:/a:redhat:enterprise_linux:gnome-control-center, p-cpe:/a:redhat:enterprise_linux:gvfs-smb, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-screenshot-window-sizer, p-cpe:/a:redhat:enterprise_linux:gtk3, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-window-list, p-cpe:/a:redhat:enterprise_linux:gnome-desktop3-devel, p-cpe:/a:redhat:enterprise_linux:gvfs-fuse, p-cpe:/a:redhat:enterprise_linux:sdl, p-cpe:/a:redhat:enterprise_linux:gnome-shell, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-plugin-process-gtk2, p-cpe:/a:redhat:enterprise_linux:gnome-tweaks, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-systemmonitor, p-cpe:/a:redhat:enterprise_linux:plymouth-theme-fade-in, p-cpe:/a:redhat:enterprise_linux:accountsservice, p-cpe:/a:redhat:enterprise_linux:file-roller, p-cpe:/a:redhat:enterprise_linux:gjs, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-xlib, p-cpe:/a:redhat:enterprise_linux:chrome-gnome-shell, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-two-step, p-cpe:/a:redhat:enterprise_linux:mutter-devel, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-user-theme, p-cpe:/a:redhat:enterprise_linux:accountsservice-devel, p-cpe:/a:redhat:enterprise_linux:gjs-devel, p-cpe:/a:redhat:enterprise_linux:gsettings-desktop-schemas, p-cpe:/a:redhat:enterprise_linux:gvfs-afp, 
p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-window-grouper, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-modules, p-cpe:/a:redhat:enterprise_linux:sdl-devel, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-places-menu, p-cpe:/a:redhat:enterprise_linux:gvfs-devel, p-cpe:/a:redhat:enterprise_linux:mozjs60-devel, p-cpe:/a:redhat:enterprise_linux:wayland-protocols-devel, p-cpe:/a:redhat:enterprise_linux:plymouth-system-theme, p-cpe:/a:redhat:enterprise_linux:gtk-update-icon-cache, p-cpe:/a:redhat:enterprise_linux:gtk3-devel, p-cpe:/a:redhat:enterprise_linux:gnome-remote-desktop, p-cpe:/a:redhat:enterprise_linux:evince, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-auto-move-windows, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-panel-favorites, p-cpe:/a:redhat:enterprise_linux:gsettings-desktop-schemas-devel, p-cpe:/a:redhat:enterprise_linux:gvfs-client, p-cpe:/a:redhat:enterprise_linux:libpurple, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-dash-to-dock, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-disable-screenshield, p-cpe:/a:redhat:enterprise_linux:accountsservice-libs, p-cpe:/a:redhat:enterprise_linux:nautilus-devel, p-cpe:/a:redhat:enterprise_linux:pidgin-devel, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-updates-dialog, p-cpe:/a:redhat:enterprise_linux:gtk3-immodule-xim, p-cpe:/a:redhat:enterprise_linux:plymouth-theme-script, p-cpe:/a:redhat:enterprise_linux:gdm, p-cpe:/a:redhat:enterprise_linux:baobab, p-cpe:/a:redhat:enterprise_linux:gvfs-goa, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-xlib-devel, p-cpe:/a:redhat:enterprise_linux:plymouth-theme-solar, p-cpe:/a:redhat:enterprise_linux:gvfs-afc, p-cpe:/a:redhat:enterprise_linux:plymouth-theme-spinner, p-cpe:/a:redhat:enterprise_linux:pango-devel, p-cpe:/a:redhat:enterprise_linux:plymouth-scripts, p-cpe:/a:redhat:enterprise_linux:nautilus-extensions, 
p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-windowsnavigator, p-cpe:/a:redhat:enterprise_linux:plymouth-theme-charge, p-cpe:/a:redhat:enterprise_linux:plymouth-core-libs, p-cpe:/a:redhat:enterprise_linux:plymouth-graphics-libs, p-cpe:/a:redhat:enterprise_linux:wayland-protocols, p-cpe:/a:redhat:enterprise_linux:gvfs-gphoto2, p-cpe:/a:redhat:enterprise_linux:appstream-data, p-cpe:/a:redhat:enterprise_linux:mutter, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-throbgress, p-cpe:/a:redhat:enterprise_linux:evince-browser-plugin, p-cpe:/a:redhat:enterprise_linux:evince-nautilus, p-cpe:/a:redhat:enterprise_linux:pidgin, p-cpe:/a:redhat:enterprise_linux:gnome-software, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-space-flares, p-cpe:/a:redhat:enterprise_linux:nautilus, p-cpe:/a:redhat:enterprise_linux:gnome-software-editor, p-cpe:/a:redhat:enterprise_linux:gvfs, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-desktop-icons, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-launch-new-instance, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-native-window-placement, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-horizontal-workspaces, p-cpe:/a:redhat:enterprise_linux:gvfs-archive, p-cpe:/a:redhat:enterprise_linux:gvfs-mtp, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-drive-menu, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-no-hot-corner, p-cpe:/a:redhat:enterprise_linux:pango, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-fade-throbber, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-common, p-cpe:/a:redhat:enterprise_linux:plymouth-theme-spinfinity, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extensions, p-cpe:/a:redhat:enterprise_linux:plymouth, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-apps-menu, p-cpe:/a:redhat:enterprise_linux:gnome-settings-daemon, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-script, 
p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-label

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/5/2019

Vulnerability Publication Date: 4/22/2019

CISA Known Exploited Vulnerability Due Dates: 5/25/2022

Reference Information

CVE: CVE-2019-11070, CVE-2019-11459, CVE-2019-12795, CVE-2019-3820, CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8666, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8679, CVE-2019-8681, CVE-2019-8686, CVE-2019-8687, CVE-2019-8689, CVE-2019-8690, CVE-2019-8726, CVE-2019-8735, CVE-2019-8768

CWE: 125, 20, 200, 285, 79, 94

RHSA: 2019:3553