[gentoo-announce] [ GLSA 201908-28 ] GNOME desktop library: Security bypass - gentoo-announce

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201908-28 ] GNOME desktop library: Security bypass
Date:	Sat, 31 Aug 2019 21:16:42
Message-Id:	`ac8a76d6-5688-2373-1e71-2389345066ef@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201908-28

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: GNOME desktop library: Security bypass

9

     Date: August 31, 2019

10

     Bugs: #692782

11

       ID: 201908-28

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

A vulnerability in the GNOME desktop library may allow attackers to

19

escape the sandbox.

20

21

Background

22

==========

23

24

Library with common API for various GNOME modules.

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package              /     Vulnerable     /            Unaffected

31

    -------------------------------------------------------------------

32

  1  gnome-base/gnome-desktop

33

                                 < 3.30.2.3               >= 3.30.2.3

34

35

Description

36

===========

37

38

A vulnerability was discovered in the GNOME desktop library which

39

allows an attacker to escape the sandbox.

40

41

Impact

42

======

43

44

A local attacker could possibly bypass sandbox protection.

45

46

Workaround

47

==========

48

49

There is no known workaround at this time.

50

51

Resolution

52

==========

53

54

All GNOME desktop library users should upgrade to the latest version:

55

56

  # emerge --sync

57

  # emerge --ask --oneshot -v ">=gnome-base/gnome-desktop-3.30.2.3"

58

59

References

60

==========

61

62

[ 1 ] CVE-2019-11460

63

      https://nvd.nist.gov/vuln/detail/CVE-2019-11460

64

65

Availability

66

============

67

68

This GLSA and any updates to it are available for viewing at

69

the Gentoo Security Website:

70

71

 https://security.gentoo.org/glsa/201908-28

72

73

Concerns?

74

=========

75

76

Security is a primary focus of Gentoo Linux and ensuring the

77

confidentiality and security of our users' machines is of utmost

78

importance to us. Any security concerns should be addressed to

79

security@g.o or alternatively, you may file a bug at

80

https://bugs.gentoo.org.

81

82

License

83

=======

84

85

Copyright 2019 Gentoo Foundation, Inc; referenced text

86

belongs to its owner(s).

87

88

The contents of this document are licensed under the

89

Creative Commons - Attribution / Share Alike license.

90

91

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201908-28
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: GNOME desktop library: Security bypass
9	Date: August 31, 2019
10	Bugs: #692782
11	ID: 201908-28
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	A vulnerability in the GNOME desktop library may allow attackers to
19	escape the sandbox.
20
21	Background
22	==========
23
24	Library with common API for various GNOME modules.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 gnome-base/gnome-desktop
33	< 3.30.2.3 >= 3.30.2.3
34
35	Description
36	===========
37
38	A vulnerability was discovered in the GNOME desktop library which
39	allows an attacker to escape the sandbox.
40
41	Impact
42	======
43
44	A local attacker could possibly bypass sandbox protection.
45
46	Workaround
47	==========
48
49	There is no known workaround at this time.
50
51	Resolution
52	==========
53
54	All GNOME desktop library users should upgrade to the latest version:
55
56	# emerge --sync
57	# emerge --ask --oneshot -v ">=gnome-base/gnome-desktop-3.30.2.3"
58
59	References
60	==========
61
62	[ 1 ] CVE-2019-11460
63	https://nvd.nist.gov/vuln/detail/CVE-2019-11460
64
65	Availability
66	============
67
68	This GLSA and any updates to it are available for viewing at
69	the Gentoo Security Website:
70
71	https://security.gentoo.org/glsa/201908-28
72
73	Concerns?
74	=========
75
76	Security is a primary focus of Gentoo Linux and ensuring the
77	confidentiality and security of our users' machines is of utmost
78	importance to us. Any security concerns should be addressed to
79	security@g.o or alternatively, you may file a bug at
80	https://bugs.gentoo.org.
81
82	License
83	=======
84
85	Copyright 2019 Gentoo Foundation, Inc; referenced text
86	belongs to its owner(s).
87
88	The contents of this document are licensed under the
89	Creative Commons - Attribution / Share Alike license.
90
91	https://creativecommons.org/licenses/by-sa/2.5