Oracle Linux 7 : GNOME / Shell (ELSA-2015-0535)

medium Nessus Plugin ID 81807

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-0535 advisory.

clutter [1.14.4-12]
- Include upstream patch to prevent a crash when hitting hardware limits Resolves: rhbz#1115162

[1.14.4-11]
- Fix a typo in the Requires

[1.14.4-10]
- Add patch for quadbuffer stereo support Resolves: rhbz#1108891

cogl [1.14.1-6]
- Add patches for quadbuffer stereo support Resolves: rhbz#1108890

[1.14.0-5.2]
- Ensure the glBlitFramebuffer case is not hit for swrast, since that's still broken.

gnome-shell [3.8.4-45]
- Don't inform GDM about session changes that came from GDM Resolves: #1163474

[3.8.4-44]
- If password authentication is disabled and smartcard authentication is enabled and smartcard isn't plugged in at start up, prompt user for smartcard Resolves: #1159385

[3.8.4-43]
- Support long login banner messages more effectively Resolves: #1110036

[3.8.4-42]
- Respect disk-writes lockdown setting Resolves: rhbz#1154122

[3.8.4-41]
- Disallow consecutive screenshot requests to avoid an OOM situation Resolves: rhbz#1154107

[3.8.4-41]
- Add option to limit app switcher to current workspace Resolves: rhbz#1101568

[3.8.4-40]
- Try harder to use the default calendar application Resolves: rhbz#1052201

[3.8.4-40]
- Update workspace switcher fix Resolves: rhbz#1092102

[3.8.4-39]
- Validate screenshot parameters Resolves: rhbz#1104694

[3.8.4-38]
- Fix shrinking workspace switcher Resolves: rhbz#1092102

[3.8.4-38]
- Update fix for vertical monitor layouts to upstream fix Resolves: rhbz#1075240

[3.8.4-38]
- Fix traceback introduced in 3.8.4-36 when unlocking via user switcher Related: #1101333

[3.8.4-37]
- Fix problems with LDAP and disable-user-list=TRUE Resolves: rhbz#1137041

[3.8.4-36]
- Fix login screen focus issue following idle Resolves: rhbz#1101333

[3.8.4-35]
- Disallow cancel from login screen before login attempt has been initiated. Resolves: rhbz#1109530

[3.8.4-34]
- Disallow cancel from login screen after login is already commencing. Resolves: rhbz#1079294

[3.8.4-33]
- Add a patch for quadbuffer stereo support Resolves: rhbz#1108893

mutter [3.8.4.16]
- Fix window placement regression Resolves: rhbz#1153641

[3.8.4-15]
- Fix delayed mouse mode Resolves: rhbz#1149585

[3.8.4-14]
- Preserve window placement on monitor changes Resolves: rhbz#1126754

[3.8.4-13]
- Improve handling of vertical monitor layouts Resolves: rhbz#1108322

[3.8.4-13]
- Add patches for quadbuffer stereo support. Fix a bad performance problem drawing window thumbnails. Resolves: rhbz#861507

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2015-0535.html

Plugin Details

Severity: Medium

ID: 81807

File Name: oraclelinux_ELSA-2015-0535.nasl

Version: 1.11

Type: local

Agent: unix

Published: 3/13/2015

Updated: 11/1/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-7300

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:gnome-shell, p-cpe:/a:oracle:linux:cogl, p-cpe:/a:oracle:linux:cogl-devel, p-cpe:/a:oracle:linux:mutter, p-cpe:/a:oracle:linux:mutter-devel, p-cpe:/a:oracle:linux:cogl-doc, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:clutter, p-cpe:/a:oracle:linux:gnome-shell-browser-plugin, p-cpe:/a:oracle:linux:clutter-devel, p-cpe:/a:oracle:linux:clutter-doc

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 3/12/2015

Vulnerability Publication Date: 12/25/2014

Reference Information

CVE: CVE-2014-7300

BID: 70178

RHSA: 2015:0535