Detections
Analytics
CentOS 8 : GNOME (CESA-2019:3553)
high Nessus Plugin ID 145653
Language:
Synopsis
The remote CentOS host is missing one or more security updates.Description
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3553 advisory.- webkitgtk: HTTP proxy setting deanonymization information disclosure (CVE-2019-11070)
- evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)
- gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd (CVE-2019-12795)
- webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8666, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8679, CVE-2019-8681, CVE-2019-8686, CVE-2019-8687, CVE-2019-8689, CVE-2019-8726, CVE-2019-8735)
- webkitgtk: processing maliciously crafted web content lead to URI spoofing (CVE-2019-6251)
- webkitgtk: malicous web content leads to arbitrary code execution (CVE-2019-8506)
- webkitgtk: malicious web content leads to arbitrary code execution (CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8559, CVE-2019-8563)
- webkitgtk: malicious crafted web content leads to arbitrary code execution (CVE-2019-8535, CVE-2019-8536, CVE-2019-8558)
- webkitgtk: malicious crafted web content leads to arbitrary we content (CVE-2019-8544)
- webkitgtk: Out-of-bounds read leading to memory disclosure (CVE-2019-8607)
- webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8690)
- webkitgtk: Browsing history could not be deleted (CVE-2019-8768)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 145653
File Name: centos8_RHSA-2019-3553.nasl
Version: 1.6
Type: local
Agent: unix
Family: CentOS Local Security Checks
Published: 1/29/2021
Updated: 4/25/2023
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2019-8689
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 8.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
CVSS Score Source: CVE-2019-8735
Vulnerability Information
CPE: p-cpe:/a:centos:centos:gdk-pixbuf2-xlib, p-cpe:/a:centos:centos:gvfs-smb, p-cpe:/a:centos:centos:gtk3, p-cpe:/a:centos:centos:file-roller, p-cpe:/a:centos:centos:plymouth-core-libs, p-cpe:/a:centos:centos:plymouth-theme-solar, p-cpe:/a:centos:centos:gvfs-goa, p-cpe:/a:centos:centos:gtk3-immodule-xim, p-cpe:/a:centos:centos:gvfs-fuse, p-cpe:/a:centos:centos:pango, p-cpe:/a:centos:centos:gvfs-afc, p-cpe:/a:centos:centos:gnome-settings-daemon, p-cpe:/a:centos:centos:mutter, p-cpe:/a:centos:centos:gnome-control-center-filesystem, p-cpe:/a:centos:centos:plymouth-theme-script, p-cpe:/a:centos:centos:gnome-shell-extension-common, p-cpe:/a:centos:centos:plymouth-system-theme, p-cpe:/a:centos:centos:gnome-software, p-cpe:/a:centos:centos:gnome-software-editor, p-cpe:/a:centos:centos:plymouth-plugin-space-flares, p-cpe:/a:centos:centos:baobab, p-cpe:/a:centos:centos:gdm, p-cpe:/a:centos:centos:sdl-devel, p-cpe:/a:centos:centos:gnome-remote-desktop, p-cpe:/a:centos:centos:plymouth-plugin-fade-throbber, p-cpe:/a:centos:centos:plymouth-theme-charge, p-cpe:/a:centos:centos:gdk-pixbuf2-xlib-devel, p-cpe:/a:centos:centos:gnome-classic-session, p-cpe:/a:centos:centos:wayland-protocols-devel, p-cpe:/a:centos:centos:gjs, p-cpe:/a:centos:centos:pidgin-devel, p-cpe:/a:centos:centos:plymouth-plugin-label, p-cpe:/a:centos:centos:gsettings-desktop-schemas, p-cpe:/a:centos:centos:gnome-shell-extension-user-theme, p-cpe:/a:centos:centos:plymouth-plugin-script, p-cpe:/a:centos:centos:mozjs60-devel, p-cpe:/a:centos:centos:gnome-shell-extension-screenshot-window-sizer, p-cpe:/a:centos:centos:accountsservice-devel, p-cpe:/a:centos:centos:gnome-shell-extension-disable-screenshield, p-cpe:/a:centos:centos:gnome-shell-extension-places-menu, p-cpe:/a:centos:centos:gnome-shell-extension-panel-favorites, p-cpe:/a:centos:centos:gnome-shell-extension-updates-dialog, p-cpe:/a:centos:centos:gvfs, p-cpe:/a:centos:centos:gdk-pixbuf2-devel, p-cpe:/a:centos:centos:gnome-shell-extension-desktop-icons, p-cpe:/a:centos:centos:plymouth-plugin-two-step, p-cpe:/a:centos:centos:plymouth-graphics-libs, p-cpe:/a:centos:centos:gnome-shell-extension-native-window-placement, p-cpe:/a:centos:centos:gnome-control-center, p-cpe:/a:centos:centos:evince-nautilus, p-cpe:/a:centos:centos:nautilus, p-cpe:/a:centos:centos:mozjs60, cpe:/o:centos:centos:8, p-cpe:/a:centos:centos:gvfs-archive, p-cpe:/a:centos:centos:gnome-shell-extension-window-list, p-cpe:/a:centos:centos:plymouth-scripts, p-cpe:/a:centos:centos:appstream-data, p-cpe:/a:centos:centos:gjs-devel, p-cpe:/a:centos:centos:sdl, p-cpe:/a:centos:centos:plymouth-plugin-throbgress, p-cpe:/a:centos:centos:gnome-shell-extension-systemmonitor, p-cpe:/a:centos:centos:gvfs-gphoto2, p-cpe:/a:centos:centos:gnome-desktop3, p-cpe:/a:centos:centos:plymouth-theme-fade-in, p-cpe:/a:centos:centos:gnome-shell-extension-workspace-indicator, p-cpe:/a:centos:centos:gvfs-client, p-cpe:/a:centos:centos:gsettings-desktop-schemas-devel, p-cpe:/a:centos:centos:gnome-shell-extension-no-hot-corner, p-cpe:/a:centos:centos:gnome-shell, p-cpe:/a:centos:centos:webkit2gtk3-devel, p-cpe:/a:centos:centos:gnome-shell-extension-window-grouper, p-cpe:/a:centos:centos:accountsservice, p-cpe:/a:centos:centos:gnome-desktop3-devel, p-cpe:/a:centos:centos:nautilus-extensions, p-cpe:/a:centos:centos:gnome-shell-extension-auto-move-windows, p-cpe:/a:centos:centos:pidgin, p-cpe:/a:centos:centos:gnome-shell-extension-apps-menu, p-cpe:/a:centos:centos:gtk3-devel, p-cpe:/a:centos:centos:gnome-shell-extension-top-icons, p-cpe:/a:centos:centos:gvfs-devel, p-cpe:/a:centos:centos:pango-devel, p-cpe:/a:centos:centos:libpurple-devel, p-cpe:/a:centos:centos:plymouth, p-cpe:/a:centos:centos:gnome-shell-extension-windowsnavigator, p-cpe:/a:centos:centos:gvfs-mtp, p-cpe:/a:centos:centos:webkit2gtk3-jsc, p-cpe:/a:centos:centos:evince-browser-plugin, p-cpe:/a:centos:centos:nautilus-devel, p-cpe:/a:centos:centos:gtk-update-icon-cache, p-cpe:/a:centos:centos:gnome-shell-extension-dash-to-dock, p-cpe:/a:centos:centos:webkit2gtk3, p-cpe:/a:centos:centos:gvfs-afp, p-cpe:/a:centos:centos:gnome-shell-extension-launch-new-instance, p-cpe:/a:centos:centos:plymouth-theme-spinner, p-cpe:/a:centos:centos:evince, p-cpe:/a:centos:centos:gdk-pixbuf2, p-cpe:/a:centos:centos:chrome-gnome-shell, p-cpe:/a:centos:centos:gnome-shell-extension-horizontal-workspaces, p-cpe:/a:centos:centos:gdk-pixbuf2-modules, p-cpe:/a:centos:centos:accountsservice-libs, p-cpe:/a:centos:centos:webkit2gtk3-plugin-process-gtk2, p-cpe:/a:centos:centos:gnome-shell-extension-drive-menu, p-cpe:/a:centos:centos:evince-libs, p-cpe:/a:centos:centos:libpurple, p-cpe:/a:centos:centos:plymouth-theme-spinfinity, p-cpe:/a:centos:centos:mutter-devel, p-cpe:/a:centos:centos:webkit2gtk3-jsc-devel, p-cpe:/a:centos:centos:gnome-tweaks
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/CentOS/release, Host/CentOS/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/5/2019
Vulnerability Publication Date: 1/14/2019
CISA Known Exploited Vulnerability Due Dates: 5/25/2022
Reference Information
CVE: CVE-2019-11070, CVE-2019-11459, CVE-2019-12795, CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8666, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8679, CVE-2019-8681, CVE-2019-8686, CVE-2019-8687, CVE-2019-8689, CVE-2019-8690, CVE-2019-8726, CVE-2019-8735, CVE-2019-8768
BID: 108497, 108566, 108741, 109328, 109329
RHSA: 2019:3553