CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
54.5%
CentOS Errata and Security Advisory CESA-2018:0223
Nautilus is the file manager and graphical shell for the GNOME desktop.
Security Fix(es):
Note: This update will change the behavior of Nautilus. Nautilus will now prompt the user for confirmation when executing an untrusted .desktop file for the first time, and then add it to the trusted file list. Desktop files stored in the system directory, as specified by the XDG_DATA_DIRS environment variable, are always considered trusted and executed without prompt.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2018-January/084896.html
Affected packages:
nautilus
nautilus-devel
nautilus-extensions
Upstream details at:
https://access.redhat.com/errata/RHSA-2018:0223
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | i686 | nautilus | < 3.22.3-4.el7_4 | nautilus-3.22.3-4.el7_4.i686.rpm |
CentOS | 7 | x86_64 | nautilus | < 3.22.3-4.el7_4 | nautilus-3.22.3-4.el7_4.x86_64.rpm |
CentOS | 7 | i686 | nautilus-devel | < 3.22.3-4.el7_4 | nautilus-devel-3.22.3-4.el7_4.i686.rpm |
CentOS | 7 | x86_64 | nautilus-devel | < 3.22.3-4.el7_4 | nautilus-devel-3.22.3-4.el7_4.x86_64.rpm |
CentOS | 7 | i686 | nautilus-extensions | < 3.22.3-4.el7_4 | nautilus-extensions-3.22.3-4.el7_4.i686.rpm |
CentOS | 7 | x86_64 | nautilus-extensions | < 3.22.3-4.el7_4 | nautilus-extensions-3.22.3-4.el7_4.x86_64.rpm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
54.5%