Security Advisory Details

NS-SA-2021-0076

2021-03-09 14:30:32

Summary

moderate: gnome-settings-daemon/gnupg2 security update

Severity

moderate

Topic

An update for gnome-settings-daemon/gnupg2 is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

gnome-settings-daemon: The gnome-settings-daemon-devel package contains libraries and header files for developing applications that use gnome-settings-daemon.
gnupg2: This package provides debug sources for package gnupg2. Debug sources are useful when developing applications that use this package or when debugging this package.


Security Fix(es):
gnome-settings-daemon: A flaw was found in the GNOME Control Center, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. (CVE-2020-14391)
gnome-settings-daemon: bugfix
gnupg2: Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. (CVE-2019-13050)
gnupg2: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.50B5.

Affected Components

  • gnome-settings-daemon
  • gnupg2

Affected Products

  • CGSL MAIN 6.02

Updated Packages

CGSL MAIN 6.02

Source: gnome-settings-daemon-3.32.0-11.el8.src.rpm

  • gnome-settings-daemon-devel-3.32.0-11.el8.x86_64.rpm
  • gnome-settings-daemon-debugsource-3.32.0-11.el8.x86_64.rpm
  • gnome-settings-daemon-debuginfo-3.32.0-11.el8.x86_64.rpm
  • gnome-settings-daemon-3.32.0-11.el8.x86_64.rpm

Source: gnupg2-2.2.20-2.el8.src.rpm

  • gnupg2-debugsource-2.2.20-2.el8.x86_64.rpm
  • gnupg2-smime-2.2.20-2.el8.x86_64.rpm
  • gnupg2-smime-debuginfo-2.2.20-2.el8.x86_64.rpm
  • gnupg2-2.2.20-2.el8.x86_64.rpm
  • gnupg2-debuginfo-2.2.20-2.el8.x86_64.rpm

CVE

References