Detections
Analytics

Oracle Linux 7 : GNOME (ELSA-2020-1021)

medium Nessus Plugin ID 180693

Language:

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1021 advisory.

 accountsservice [0.6.50-7]
 - version bump to prevent future update path introduced by RHBA-2019:45836 Resolves: #1721562

 colord [1.3.4-2]
 - Downgrade a trivial warning to a debug statement
 - Resolves: #1421231

 control-center [3.28.1-6]
 - Calculate better extents for the configured displays arrangement Resolves: #1591643

 [3.28.1-5]
 - Fix crash in thunderbolt panel Resolves: #1672289

 gdm [3.28.2-22]
 - Fix PostSession on reboot too
 - Fix spew in log on shutdown Related: #1547158

 [3.28.2-18]
 - Include gdm-disable-wayland binary Resolves: #1749325

 [3.28.2-17]
 - Fix PostSession Resolves: #1547158

 gnome-online-accounts [3.28.2-1]
 - Update to 3.28.2 Resolves: #1674534

 gnome-settings-daemon [3.28.1-8]
 - Add display mapping check specific for the Dell Canvas Resolves: #1548320

 [3.28.1-7]
 - Fallback scale properly without org.gnome.Mutter.DisplayConfig Resolves: #1556776

 [3.28.1-6]
 - Handle rfkill device disappearing Resolves: #1691197

 gnome-shell [3.28.3-24]
 - Fix orphaned animation actors Related: #1753799

 [3.28.3-23]
 - Fix 'Not Listed?' entry to shows characters instead of bullets Resolves: #1772896

 [3.28.3-22]
 - Fix partial lock screen bypass Resolves: #1669393

 [3.28.3-21]
 - Add missing comma neglected in last build Related: #1766501

 [3.28.3-20]
 - Performance backports Resolves: #1766501

 [3.28.3-19]
 - Fix crash when window removed Resolves: #1752547

 [3.28.3-18]
 - Change method for handling rapid mouse input better Resolves: #1657887

 [3.28.3-17]
 - Handle rapid mouse input better Resolves: #1657887

 [3.28.3-16]
 - Support horizontal workspace layouts Related: #1720286

 [3.28.3-15]
 - Backport window management crash fix Resolves: #1743913

 gnome-shell-extensions [3.28.1-11]
 - A couple of fixes to the classic backports Resolves: #1778270

 [3.28.1-10]
 - Fix unwanted appearance of workspace switcher menu Resolves: #1752357

 [3.28.1-9]
 - Make classic mode more classic Resolves: #1720286

 [3.28.1-8]
 - Add extra-osk-keys extension Resolves: #1702417

 gnome-tweak-tool [3.28.1-7]
 - Resolves: #1789491 (Extensions panel is empty)

 [3.28.1-6]
 - Resolves: #1460768 (Cannot hide desktop icons in classic mode)
 - Resolves: #1607839 (Invisible panel is made visible on click between Setting and Toggle button)

 [3.28.1-5]
 - Reflect extension status in the UI
 - Resolves: #1474852

 [3.28.1-4]
 - Fix keyboard panel crashes
 - Resolves: #1667421

 [3.28.1-3]
 - Fixes to port to python2
 - Resolves: #1610335

 gsettings-desktop-schemas [3.28.0-3]
 - add setting to display Show Password menu Related: #1506370

 gtk3 [3.22.30-5]
 - Handle lack of SVG loader gracefully
 - Resolves: #1660642

 [3.22.30-4]
 - Clamp X11 window size both when creating and resizing
 - Resolves: #1687745

 libcanberra [0.30-9]
 - Quiet theme sounds when not available (rebuild for 7.8)
 - Resolves: rhbz#1556800

 [0.30-8]
 - Quiet theme sounds when not available (rebuild)
 - Resolves: rhbz#1556800

 [0.30-7]
 - Quiet theme sounds when not available
 - Resolves: rhbz#1556800

 [0.30-6]
 - Add quiet option
 - Resolves: rhbz#1556800

 libgweather [3.28.2-3]
 - Fix multilib conflict in subpackage (#1623538)

 LibRaw [0.19.4-1]
 - Update to 0.19.4
 - Resolves: #1741274

 mutter [3.28.3-20]
 - Free close dialog before unmanaging parent Related: #1753799

 [3.28.3-19]
 - Fix invalid read in idle monitor Resolves: #1752378

 [3.28.3-18]
 - More performance backports Resolves: #1766501

 [3.28.3-17]
 - Dont freeze if input happens after many days of inactivity Resolves: #1728761

 [3.28.3-16]
 - Dont loose pointer button grabs Resolves: #1657887

 [3.28.3-15]
 - Expose workspace layout as properties Related: #1720286

 nautilus [3.26.1-7]
 - Remove brasero-nautilus requirement from s390x and ppc64 arches (rhbz#1723283)

 osinfo-db [20190805-2.0.1]
 - Add Oracle os info files

 [20190805-2]
 - Resolves: rhbz#1750807 - Fedora/RHEL/CentOS JeOS kickstart files for unattended installation are broken

 [20190805-1]
 - Resolves: rhbz#1737367 - Update to latest upstream release
 - Resolves: rhbz#1737369 - Add 7.8 to the osinfo-db which will be used on 7.8

 shared-mime-info [1.8-5]
 - support new toplevel font types Resolves: #1678448

 tracker [1.10.5-8]
 - Avoid dconf warnings in tracker-extract Resolves: #1474305 Resolves: #1508660

 [1.10.5-7]
 - Fix potential crash on files ending with invalid UTF-8 Resolves: #1646345

 xchat [1:2.8.8-25]
 - Fix a typo in the patch to restore the status icon after resuming Resolves: #1544840

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2020-1021.html

Plugin Details

Severity: Medium

ID: 180693

File Name: oraclelinux_ELSA-2020-1021.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/7/2023

Updated: 11/1/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-3820

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.9

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:gnome-shell-extension-apps-menu, p-cpe:/a:oracle:linux:libcanberra-gtk2, p-cpe:/a:oracle:linux:gtk3-tests, p-cpe:/a:oracle:linux:gnome-shell-extension-extra-osk-keys, p-cpe:/a:oracle:linux:gnome-shell-extension-user-theme, p-cpe:/a:oracle:linux:gdm-pam-extensions-devel, p-cpe:/a:oracle:linux:gnome-settings-daemon, p-cpe:/a:oracle:linux:mutter-devel, p-cpe:/a:oracle:linux:gnome-shell-extension-systemmonitor, p-cpe:/a:oracle:linux:gnome-settings-daemon-devel, p-cpe:/a:oracle:linux:gsettings-desktop-schemas-devel, p-cpe:/a:oracle:linux:colord, p-cpe:/a:oracle:linux:colord-devel, p-cpe:/a:oracle:linux:libcanberra, p-cpe:/a:oracle:linux:accountsservice-devel, p-cpe:/a:oracle:linux:libraw-static, p-cpe:/a:oracle:linux:nautilus-devel, p-cpe:/a:oracle:linux:gnome-shell-extension-no-hot-corner, p-cpe:/a:oracle:linux:shared-mime-info, p-cpe:/a:oracle:linux:tracker-docs, p-cpe:/a:oracle:linux:gnome-shell-extension-window-list, p-cpe:/a:oracle:linux:gnome-shell, p-cpe:/a:oracle:linux:accountsservice-libs, p-cpe:/a:oracle:linux:gnome-shell-extension-common, p-cpe:/a:oracle:linux:gtk3-devel, p-cpe:/a:oracle:linux:gnome-shell-extension-panel-favorites, p-cpe:/a:oracle:linux:mutter, p-cpe:/a:oracle:linux:gtk3, p-cpe:/a:oracle:linux:libraw, p-cpe:/a:oracle:linux:tracker, p-cpe:/a:oracle:linux:gnome-shell-extension-workspace-indicator, p-cpe:/a:oracle:linux:control-center, p-cpe:/a:oracle:linux:gnome-shell-extension-windowsnavigator, p-cpe:/a:oracle:linux:gdm-devel, p-cpe:/a:oracle:linux:gnome-shell-extension-dash-to-dock, p-cpe:/a:oracle:linux:gnome-online-accounts, p-cpe:/a:oracle:linux:gnome-shell-extension-alternate-tab, p-cpe:/a:oracle:linux:gtk3-immodules, p-cpe:/a:oracle:linux:gnome-shell-extension-screenshot-window-sizer, p-cpe:/a:oracle:linux:colord-extra-profiles, p-cpe:/a:oracle:linux:gtk3-devel-docs, p-cpe:/a:oracle:linux:gnome-shell-extension-top-icons, p-cpe:/a:oracle:linux:colord-devel-docs, p-cpe:/a:oracle:linux:libcanberra-gtk3, p-cpe:/a:oracle:linux:gnome-shell-extension-window-grouper, p-cpe:/a:oracle:linux:nautilus-extensions, p-cpe:/a:oracle:linux:gnome-shell-extension-disable-screenshield, p-cpe:/a:oracle:linux:gnome-classic-session, p-cpe:/a:oracle:linux:colord-libs, p-cpe:/a:oracle:linux:libgweather-devel, p-cpe:/a:oracle:linux:accountsservice, p-cpe:/a:oracle:linux:gnome-shell-extension-auto-move-windows, p-cpe:/a:oracle:linux:gnome-shell-extension-drive-menu, p-cpe:/a:oracle:linux:xchat-tcl, p-cpe:/a:oracle:linux:libraw-devel, p-cpe:/a:oracle:linux:gnome-shell-extension-places-menu, p-cpe:/a:oracle:linux:gtk-update-icon-cache, p-cpe:/a:oracle:linux:tracker-devel, p-cpe:/a:oracle:linux:tracker-needle, p-cpe:/a:oracle:linux:gnome-online-accounts-devel, p-cpe:/a:oracle:linux:libcanberra-devel, p-cpe:/a:oracle:linux:gnome-shell-extension-launch-new-instance, p-cpe:/a:oracle:linux:control-center-filesystem, p-cpe:/a:oracle:linux:gnome-shell-extension-horizontal-workspaces, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:nautilus, p-cpe:/a:oracle:linux:gsettings-desktop-schemas, p-cpe:/a:oracle:linux:gnome-shell-extension-updates-dialog, p-cpe:/a:oracle:linux:xchat, p-cpe:/a:oracle:linux:gnome-tweak-tool, p-cpe:/a:oracle:linux:gnome-shell-extension-native-window-placement, p-cpe:/a:oracle:linux:libgweather, p-cpe:/a:oracle:linux:tracker-preferences, p-cpe:/a:oracle:linux:gtk3-immodule-xim, p-cpe:/a:oracle:linux:gdm

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/6/2020

Vulnerability Publication Date: 1/25/2019

Reference Information

CVE: CVE-2019-3820