Rocky Linux 8 : GNOME (RLSA-2020:4451)

critical Nessus Plugin ID 184669

Synopsis

The remote Rocky Linux host is missing one or more security updates.

Description

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4451 advisory.

- A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8625)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8710)

- A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. (CVE-2019-8720)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8743)

- A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8764)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8766)

- An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769)

- This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2019-8771)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0.
Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8782)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8783, CVE-2019-8814, CVE-2019-8815, CVE-2019-8819, CVE-2019-8823)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8808, CVE-2019-8812)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8811, CVE-2019-8816, CVE-2019-8820)

- A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8835)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8844)

- A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8846)

- WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. (CVE-2020-10018)

- A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). (CVE-2020-11793)

- A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. (CVE-2020-14391)

- LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. (CVE-2020-15503)

- A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. (CVE-2020-3862)

- A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. (CVE-2020-3864)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2020-3865, CVE-2020-3868)

- A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.
(CVE-2020-3867)

- A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. (CVE-2020-3885)

- A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. (CVE-2020-3894)

- A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2020-3895, CVE-2020-3900)

- A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3897)

- A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.
(CVE-2020-3899)

- A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2020-3901)

- An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.
(CVE-2020-3902)

- A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2020-9802)

- A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9803)

- A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.
(CVE-2020-9805)

- A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9806, CVE-2020-9807)

- An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9843)

- A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-9850)

- A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. (CVE-2020-9862)

- A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2020-9893, CVE-2020-9895)

- An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2020-9894)

- An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2020-9915)

- A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2020-9925)

- An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21.
Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9952)

- A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30666)

- A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761)

- A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://errata.rockylinux.org/RLSA-2020:4451

https://bugzilla.redhat.com/show_bug.cgi?id=1207179

https://bugzilla.redhat.com/show_bug.cgi?id=1566027

https://bugzilla.redhat.com/show_bug.cgi?id=1569868

https://bugzilla.redhat.com/show_bug.cgi?id=1652178

https://bugzilla.redhat.com/show_bug.cgi?id=1656262

https://bugzilla.redhat.com/show_bug.cgi?id=1668895

https://bugzilla.redhat.com/show_bug.cgi?id=1692536

https://bugzilla.redhat.com/show_bug.cgi?id=1706008

https://bugzilla.redhat.com/show_bug.cgi?id=1706076

https://bugzilla.redhat.com/show_bug.cgi?id=1715845

https://bugzilla.redhat.com/show_bug.cgi?id=1719937

https://bugzilla.redhat.com/show_bug.cgi?id=1758891

https://bugzilla.redhat.com/show_bug.cgi?id=1775345

https://bugzilla.redhat.com/show_bug.cgi?id=1778579

https://bugzilla.redhat.com/show_bug.cgi?id=1779691

https://bugzilla.redhat.com/show_bug.cgi?id=1794045

https://bugzilla.redhat.com/show_bug.cgi?id=1804719

https://bugzilla.redhat.com/show_bug.cgi?id=1805929

https://bugzilla.redhat.com/show_bug.cgi?id=1811721

https://bugzilla.redhat.com/show_bug.cgi?id=1814820

https://bugzilla.redhat.com/show_bug.cgi?id=1816070

https://bugzilla.redhat.com/show_bug.cgi?id=1816678

https://bugzilla.redhat.com/show_bug.cgi?id=1816684

https://bugzilla.redhat.com/show_bug.cgi?id=1816686

https://bugzilla.redhat.com/show_bug.cgi?id=1817143

https://bugzilla.redhat.com/show_bug.cgi?id=1820759

https://bugzilla.redhat.com/show_bug.cgi?id=1820760

https://bugzilla.redhat.com/show_bug.cgi?id=1824362

https://bugzilla.redhat.com/show_bug.cgi?id=1827030

https://bugzilla.redhat.com/show_bug.cgi?id=1829369

https://bugzilla.redhat.com/show_bug.cgi?id=1832347

https://bugzilla.redhat.com/show_bug.cgi?id=1833158

https://bugzilla.redhat.com/show_bug.cgi?id=1837381

https://bugzilla.redhat.com/show_bug.cgi?id=1837406

https://bugzilla.redhat.com/show_bug.cgi?id=1837413

https://bugzilla.redhat.com/show_bug.cgi?id=1837648

https://bugzilla.redhat.com/show_bug.cgi?id=1840080

https://bugzilla.redhat.com/show_bug.cgi?id=1840788

https://bugzilla.redhat.com/show_bug.cgi?id=1843486

https://bugzilla.redhat.com/show_bug.cgi?id=1844578

https://bugzilla.redhat.com/show_bug.cgi?id=1846191

https://bugzilla.redhat.com/show_bug.cgi?id=1847051

https://bugzilla.redhat.com/show_bug.cgi?id=1847061

https://bugzilla.redhat.com/show_bug.cgi?id=1847062

https://bugzilla.redhat.com/show_bug.cgi?id=1847203

https://bugzilla.redhat.com/show_bug.cgi?id=1853477

https://bugzilla.redhat.com/show_bug.cgi?id=1854734

https://bugzilla.redhat.com/show_bug.cgi?id=1866332

https://bugzilla.redhat.com/show_bug.cgi?id=1868260

https://bugzilla.redhat.com/show_bug.cgi?id=1872270

https://bugzilla.redhat.com/show_bug.cgi?id=1873093

https://bugzilla.redhat.com/show_bug.cgi?id=1873963

https://bugzilla.redhat.com/show_bug.cgi?id=1876462

https://bugzilla.redhat.com/show_bug.cgi?id=1876463

https://bugzilla.redhat.com/show_bug.cgi?id=1876465

https://bugzilla.redhat.com/show_bug.cgi?id=1876468

https://bugzilla.redhat.com/show_bug.cgi?id=1876470

https://bugzilla.redhat.com/show_bug.cgi?id=1876472

https://bugzilla.redhat.com/show_bug.cgi?id=1876473

https://bugzilla.redhat.com/show_bug.cgi?id=1876476

https://bugzilla.redhat.com/show_bug.cgi?id=1876516

https://bugzilla.redhat.com/show_bug.cgi?id=1876518

https://bugzilla.redhat.com/show_bug.cgi?id=1876521

https://bugzilla.redhat.com/show_bug.cgi?id=1876522

https://bugzilla.redhat.com/show_bug.cgi?id=1876523

https://bugzilla.redhat.com/show_bug.cgi?id=1876536

https://bugzilla.redhat.com/show_bug.cgi?id=1876537

https://bugzilla.redhat.com/show_bug.cgi?id=1876540

https://bugzilla.redhat.com/show_bug.cgi?id=1876543

https://bugzilla.redhat.com/show_bug.cgi?id=1876545

https://bugzilla.redhat.com/show_bug.cgi?id=1876548

https://bugzilla.redhat.com/show_bug.cgi?id=1876549

https://bugzilla.redhat.com/show_bug.cgi?id=1876550

https://bugzilla.redhat.com/show_bug.cgi?id=1876552

https://bugzilla.redhat.com/show_bug.cgi?id=1876553

https://bugzilla.redhat.com/show_bug.cgi?id=1876554

https://bugzilla.redhat.com/show_bug.cgi?id=1876555

https://bugzilla.redhat.com/show_bug.cgi?id=1876556

https://bugzilla.redhat.com/show_bug.cgi?id=1876590

https://bugzilla.redhat.com/show_bug.cgi?id=1876591

https://bugzilla.redhat.com/show_bug.cgi?id=1876594

https://bugzilla.redhat.com/show_bug.cgi?id=1876607

https://bugzilla.redhat.com/show_bug.cgi?id=1876611

https://bugzilla.redhat.com/show_bug.cgi?id=1876617

https://bugzilla.redhat.com/show_bug.cgi?id=1876619

https://bugzilla.redhat.com/show_bug.cgi?id=1877853

https://bugzilla.redhat.com/show_bug.cgi?id=1879532

https://bugzilla.redhat.com/show_bug.cgi?id=1879535

https://bugzilla.redhat.com/show_bug.cgi?id=1879536

https://bugzilla.redhat.com/show_bug.cgi?id=1879538

https://bugzilla.redhat.com/show_bug.cgi?id=1879540

https://bugzilla.redhat.com/show_bug.cgi?id=1879541

https://bugzilla.redhat.com/show_bug.cgi?id=1879545

https://bugzilla.redhat.com/show_bug.cgi?id=1879557

https://bugzilla.redhat.com/show_bug.cgi?id=1879559

https://bugzilla.redhat.com/show_bug.cgi?id=1879563

https://bugzilla.redhat.com/show_bug.cgi?id=1879564

https://bugzilla.redhat.com/show_bug.cgi?id=1879566

https://bugzilla.redhat.com/show_bug.cgi?id=1879568

https://bugzilla.redhat.com/show_bug.cgi?id=1880339

Plugin Details

Severity: Critical

ID: 184669

File Name: rocky_linux_RLSA-2020-4451.nasl

Version: 1.1

Type: local

Published: 11/6/2023

Updated: 11/7/2023

Supported Sensors: Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-3899

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2020-9895

Vulnerability Information

CPE: p-cpe:/a:rocky:linux:python3-gobject-base-debuginfo, p-cpe:/a:rocky:linux:dleyna-renderer-debugsource, p-cpe:/a:rocky:linux:packagekit-glib, p-cpe:/a:rocky:linux:frei0r-plugins-opencv, p-cpe:/a:rocky:linux:libraw-devel, p-cpe:/a:rocky:linux:gnome-remote-desktop-debuginfo, p-cpe:/a:rocky:linux:pipewire-doc, p-cpe:/a:rocky:linux:dleyna-renderer, p-cpe:/a:rocky:linux:pipewire-utils, p-cpe:/a:rocky:linux:pipewire, p-cpe:/a:rocky:linux:xdg-desktop-portal-gtk, p-cpe:/a:rocky:linux:python3-gobject-debuginfo, p-cpe:/a:rocky:linux:libsoup-debuginfo, p-cpe:/a:rocky:linux:libsoup-debugsource, p-cpe:/a:rocky:linux:webrtc-audio-processing-debugsource, p-cpe:/a:rocky:linux:gnome-session-wayland-session, p-cpe:/a:rocky:linux:potrace-debugsource, p-cpe:/a:rocky:linux:python3-gobject, p-cpe:/a:rocky:linux:pipewire-debuginfo, p-cpe:/a:rocky:linux:gsettings-desktop-schemas, p-cpe:/a:rocky:linux:packagekit, p-cpe:/a:rocky:linux:packagekit-command-not-found, p-cpe:/a:rocky:linux:frei0r-plugins-opencv-debuginfo, p-cpe:/a:rocky:linux:frei0r-devel, p-cpe:/a:rocky:linux:packagekit-glib-debuginfo, p-cpe:/a:rocky:linux:frei0r-plugins-debuginfo, p-cpe:/a:rocky:linux:tracker-debuginfo, p-cpe:/a:rocky:linux:packagekit-debugsource, p-cpe:/a:rocky:linux:gsettings-desktop-schemas-devel, p-cpe:/a:rocky:linux:vte291-debugsource, p-cpe:/a:rocky:linux:pipewire-devel, p-cpe:/a:rocky:linux:libsoup, p-cpe:/a:rocky:linux:pipewire-libs, p-cpe:/a:rocky:linux:pipewire-debugsource, p-cpe:/a:rocky:linux:tracker-devel, p-cpe:/a:rocky:linux:gtk3-debugsource, p-cpe:/a:rocky:linux:gtk3-devel-debuginfo, p-cpe:/a:rocky:linux:gtk-update-icon-cache, p-cpe:/a:rocky:linux:packagekit-gstreamer-plugin, p-cpe:/a:rocky:linux:gtk3-immodule-xim-debuginfo, p-cpe:/a:rocky:linux:pipewire0.2-libs, p-cpe:/a:rocky:linux:gnome-session, p-cpe:/a:rocky:linux:gtk3, p-cpe:/a:rocky:linux:packagekit-glib-devel, p-cpe:/a:rocky:linux:vte291-devel, p-cpe:/a:rocky:linux:potrace, p-cpe:/a:rocky:linux:gnome-remote-desktop-debugsource, p-cpe:/a:rocky:linux:vte-profile, p-cpe:/a:rocky:linux:gnome-session-xsession, p-cpe:/a:rocky:linux:packagekit-gtk3-module-debuginfo, p-cpe:/a:rocky:linux:gtk3-immodule-xim, p-cpe:/a:rocky:linux:python3-gobject-base, p-cpe:/a:rocky:linux:pipewire0.2-libs-debuginfo, p-cpe:/a:rocky:linux:libsoup-devel, p-cpe:/a:rocky:linux:pipewire-utils-debuginfo, p-cpe:/a:rocky:linux:dleyna-renderer-debuginfo, p-cpe:/a:rocky:linux:gtk-update-icon-cache-debuginfo, p-cpe:/a:rocky:linux:gtk3-devel, p-cpe:/a:rocky:linux:vte291-debuginfo, p-cpe:/a:rocky:linux:gtk3-debuginfo, p-cpe:/a:rocky:linux:libraw, p-cpe:/a:rocky:linux:packagekit-cron, p-cpe:/a:rocky:linux:pygobject3-debugsource, p-cpe:/a:rocky:linux:tracker-debugsource, p-cpe:/a:rocky:linux:libraw-debugsource, p-cpe:/a:rocky:linux:pygobject3-devel, p-cpe:/a:rocky:linux:gnome-remote-desktop, p-cpe:/a:rocky:linux:frei0r-plugins, p-cpe:/a:rocky:linux:xdg-desktop-portal-gtk-debuginfo, p-cpe:/a:rocky:linux:potrace-debuginfo, cpe:/o:rocky:linux:8, p-cpe:/a:rocky:linux:pipewire-libs-debuginfo, p-cpe:/a:rocky:linux:libraw-debuginfo, p-cpe:/a:rocky:linux:packagekit-gstreamer-plugin-debuginfo, p-cpe:/a:rocky:linux:pipewire0.2-debugsource, p-cpe:/a:rocky:linux:frei0r-plugins-debugsource, p-cpe:/a:rocky:linux:pygobject3-debuginfo, p-cpe:/a:rocky:linux:webrtc-audio-processing-debuginfo, p-cpe:/a:rocky:linux:packagekit-debuginfo, p-cpe:/a:rocky:linux:tracker, p-cpe:/a:rocky:linux:packagekit-command-not-found-debuginfo, p-cpe:/a:rocky:linux:gnome-session-debuginfo, p-cpe:/a:rocky:linux:webrtc-audio-processing, p-cpe:/a:rocky:linux:vte291-devel-debuginfo, p-cpe:/a:rocky:linux:vte291, p-cpe:/a:rocky:linux:packagekit-gtk3-module, p-cpe:/a:rocky:linux:xdg-desktop-portal-gtk-debugsource, p-cpe:/a:rocky:linux:gnome-session-debugsource, p-cpe:/a:rocky:linux:pipewire0.2-devel

Required KB Items: Host/local_checks_enabled, Host/RockyLinux/release, Host/RockyLinux/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/3/2020

Vulnerability Publication Date: 9/23/2019

CISA Known Exploited Vulnerability Due Dates: 11/17/2021, 6/13/2022

Exploitable With

Metasploit (Safari in Operator Side Effect Exploit)

Reference Information

CVE: CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-10018, CVE-2020-11793, CVE-2020-14391, CVE-2020-15503, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-9952, CVE-2021-30666, CVE-2021-30761, CVE-2021-30762