Detections
Analytics
RHEL 8 : GNOME (RHSA-2020:4451)
critical Nessus Plugin ID 142418
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4451 advisory.GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal- gtk (1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406)
Security Fix(es):
* webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793)
* gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)
* LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
http://www.nessus.org/u?b7e37d18
http://www.nessus.org/u?dd0db1d1
https://access.redhat.com/errata/RHSA-2020:4451
https://bugzilla.redhat.com/show_bug.cgi?id=1207179
https://bugzilla.redhat.com/show_bug.cgi?id=1566027
https://bugzilla.redhat.com/show_bug.cgi?id=1569868
https://bugzilla.redhat.com/show_bug.cgi?id=1652178
https://bugzilla.redhat.com/show_bug.cgi?id=1656262
https://bugzilla.redhat.com/show_bug.cgi?id=1668895
https://bugzilla.redhat.com/show_bug.cgi?id=1692536
https://bugzilla.redhat.com/show_bug.cgi?id=1706008
https://bugzilla.redhat.com/show_bug.cgi?id=1706076
https://bugzilla.redhat.com/show_bug.cgi?id=1715845
https://bugzilla.redhat.com/show_bug.cgi?id=1719937
https://bugzilla.redhat.com/show_bug.cgi?id=1758891
https://bugzilla.redhat.com/show_bug.cgi?id=1775345
https://bugzilla.redhat.com/show_bug.cgi?id=1778579
https://bugzilla.redhat.com/show_bug.cgi?id=1779691
https://bugzilla.redhat.com/show_bug.cgi?id=1794045
https://bugzilla.redhat.com/show_bug.cgi?id=1804719
https://bugzilla.redhat.com/show_bug.cgi?id=1805929
https://bugzilla.redhat.com/show_bug.cgi?id=1811721
https://bugzilla.redhat.com/show_bug.cgi?id=1814820
https://bugzilla.redhat.com/show_bug.cgi?id=1816070
https://bugzilla.redhat.com/show_bug.cgi?id=1816678
https://bugzilla.redhat.com/show_bug.cgi?id=1816684
https://bugzilla.redhat.com/show_bug.cgi?id=1816686
https://bugzilla.redhat.com/show_bug.cgi?id=1817143
https://bugzilla.redhat.com/show_bug.cgi?id=1820759
https://bugzilla.redhat.com/show_bug.cgi?id=1820760
https://bugzilla.redhat.com/show_bug.cgi?id=1824362
https://bugzilla.redhat.com/show_bug.cgi?id=1827030
https://bugzilla.redhat.com/show_bug.cgi?id=1829369
https://bugzilla.redhat.com/show_bug.cgi?id=1832347
https://bugzilla.redhat.com/show_bug.cgi?id=1833158
https://bugzilla.redhat.com/show_bug.cgi?id=1837381
https://bugzilla.redhat.com/show_bug.cgi?id=1837406
https://bugzilla.redhat.com/show_bug.cgi?id=1837413
https://bugzilla.redhat.com/show_bug.cgi?id=1837648
https://bugzilla.redhat.com/show_bug.cgi?id=1840080
https://bugzilla.redhat.com/show_bug.cgi?id=1840788
https://bugzilla.redhat.com/show_bug.cgi?id=1843486
https://bugzilla.redhat.com/show_bug.cgi?id=1844578
https://bugzilla.redhat.com/show_bug.cgi?id=1846191
https://bugzilla.redhat.com/show_bug.cgi?id=1847051
https://bugzilla.redhat.com/show_bug.cgi?id=1847061
https://bugzilla.redhat.com/show_bug.cgi?id=1847062
https://bugzilla.redhat.com/show_bug.cgi?id=1847203
https://bugzilla.redhat.com/show_bug.cgi?id=1853477
https://bugzilla.redhat.com/show_bug.cgi?id=1854734
https://bugzilla.redhat.com/show_bug.cgi?id=1866332
https://bugzilla.redhat.com/show_bug.cgi?id=1868260
https://bugzilla.redhat.com/show_bug.cgi?id=1872270
https://bugzilla.redhat.com/show_bug.cgi?id=1873093
https://bugzilla.redhat.com/show_bug.cgi?id=1873963
https://bugzilla.redhat.com/show_bug.cgi?id=1876462
https://bugzilla.redhat.com/show_bug.cgi?id=1876463
https://bugzilla.redhat.com/show_bug.cgi?id=1876465
https://bugzilla.redhat.com/show_bug.cgi?id=1876468
https://bugzilla.redhat.com/show_bug.cgi?id=1876470
https://bugzilla.redhat.com/show_bug.cgi?id=1876472
https://bugzilla.redhat.com/show_bug.cgi?id=1876473
https://bugzilla.redhat.com/show_bug.cgi?id=1876476
https://bugzilla.redhat.com/show_bug.cgi?id=1876516
https://bugzilla.redhat.com/show_bug.cgi?id=1876518
https://bugzilla.redhat.com/show_bug.cgi?id=1876521
https://bugzilla.redhat.com/show_bug.cgi?id=1876522
https://bugzilla.redhat.com/show_bug.cgi?id=1876523
https://bugzilla.redhat.com/show_bug.cgi?id=1876536
https://bugzilla.redhat.com/show_bug.cgi?id=1876537
https://bugzilla.redhat.com/show_bug.cgi?id=1876540
https://bugzilla.redhat.com/show_bug.cgi?id=1876543
https://bugzilla.redhat.com/show_bug.cgi?id=1876545
https://bugzilla.redhat.com/show_bug.cgi?id=1876548
https://bugzilla.redhat.com/show_bug.cgi?id=1876549
https://bugzilla.redhat.com/show_bug.cgi?id=1876550
https://bugzilla.redhat.com/show_bug.cgi?id=1876552
https://bugzilla.redhat.com/show_bug.cgi?id=1876553
https://bugzilla.redhat.com/show_bug.cgi?id=1876554
https://bugzilla.redhat.com/show_bug.cgi?id=1876555
https://bugzilla.redhat.com/show_bug.cgi?id=1876556
https://bugzilla.redhat.com/show_bug.cgi?id=1876590
https://bugzilla.redhat.com/show_bug.cgi?id=1876591
https://bugzilla.redhat.com/show_bug.cgi?id=1876594
https://bugzilla.redhat.com/show_bug.cgi?id=1876607
https://bugzilla.redhat.com/show_bug.cgi?id=1876611
https://bugzilla.redhat.com/show_bug.cgi?id=1876617
https://bugzilla.redhat.com/show_bug.cgi?id=1876619
https://bugzilla.redhat.com/show_bug.cgi?id=1877853
https://bugzilla.redhat.com/show_bug.cgi?id=1879532
https://bugzilla.redhat.com/show_bug.cgi?id=1879535
https://bugzilla.redhat.com/show_bug.cgi?id=1879536
https://bugzilla.redhat.com/show_bug.cgi?id=1879538
https://bugzilla.redhat.com/show_bug.cgi?id=1879540
https://bugzilla.redhat.com/show_bug.cgi?id=1879541
https://bugzilla.redhat.com/show_bug.cgi?id=1879545
https://bugzilla.redhat.com/show_bug.cgi?id=1879557
https://bugzilla.redhat.com/show_bug.cgi?id=1879559
https://bugzilla.redhat.com/show_bug.cgi?id=1879563
https://bugzilla.redhat.com/show_bug.cgi?id=1879564
https://bugzilla.redhat.com/show_bug.cgi?id=1879566
https://bugzilla.redhat.com/show_bug.cgi?id=1879568
https://bugzilla.redhat.com/show_bug.cgi?id=1880339
https://access.redhat.com/security/updates/classification/#moderate
Plugin Details
Severity: Critical
ID: 142418
File Name: redhat-RHSA-2020-4451.nasl
Version: 1.15
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 11/4/2020
Updated: 6/4/2024
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2020-3899
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
CVSS Score Source: CVE-2020-9895
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:webkit2gtk3, p-cpe:/a:redhat:enterprise_linux:gnome-settings-daemon, p-cpe:/a:redhat:enterprise_linux:libraw, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel, p-cpe:/a:redhat:enterprise_linux:libraw-devel, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel, cpe:/o:redhat:enterprise_linux:8
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/4/2020
Vulnerability Publication Date: 9/23/2019
CISA Known Exploited Vulnerability Due Dates: 11/17/2021, 6/13/2022
Exploitable With
Metasploit (Safari in Operator Side Effect Exploit)
Reference Information
CVE: CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-10018, CVE-2020-11793, CVE-2020-14391, CVE-2020-15503, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-9952, CVE-2021-30666, CVE-2021-30761, CVE-2021-30762