Security Advisory Details

NS-SA-2023-0013

2023-04-11 10:31:16

Summary

moderate: atk/gnome-shell-extensions security update

Severity

moderate

Topic

An update for atk/gnome-shell-extensions is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

atk: This package includes libraries, header files, and developer documentation needed for development of applications or toolkits which use ATK.
gnome-shell-extensions: This GNOME Shell extension adds a GNOME 2.x style menu for applications.


Security Fix(es):
atk: It was discovered evolution-ews does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. (CVE-2019-3890)
atk: GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. (CVE-2018-15587)
atk: bugfix
gnome-shell-extensions: An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. (CVE-2018-5819)
gnome-shell-extensions: An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. (CVE-2018-5818)
gnome-shell-extensions: A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3. (CVE-2019-3820)
gnome-shell-extensions: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F15B7.

Affected Components

  • atk
  • gnome-shell-extensions

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Updated Packages

CGSL MAIN 5.05 and CGSL CORE 5.05 (the fixed package set is identical for both products):

atk (source: atk-2.28.1-2.el7.src.rpm)

  • atk-devel-2.28.1-2.el7.x86_64.rpm
  • atk-debuginfo-2.28.1-2.el7.x86_64.rpm
  • atk-2.28.1-2.el7.x86_64.rpm

gnome-shell-extensions (source: gnome-shell-extensions-3.28.1-17.el7_9.src.rpm)

  • gnome-shell-extension-apps-menu-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-drive-menu-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-panel-favorites-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-native-window-placement-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-windowsNavigator-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-places-menu-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-workspace-indicator-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-extra-osk-keys-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-auto-move-windows-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-horizontal-workspaces-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-user-theme-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-alternate-tab-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-screenshot-window-sizer-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-top-icons-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-dash-to-dock-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-disable-screenshield-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-common-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-no-hot-corner-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-launch-new-instance-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-systemMonitor-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-updates-dialog-3.28.1-17.el7_9.noarch.rpm
  • gnome-classic-session-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-window-list-3.28.1-17.el7_9.noarch.rpm
  • gnome-shell-extension-window-grouper-3.28.1-17.el7_9.noarch.rpm

CVE

References