Lucene search

CentOS ProjectCESA-2018:3140

HistoryNov 15, 2018 - 6:43 p.m.

PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update

Vulners
Centos
PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update

2018-11-1518:43:07

CentOS Project

lists.centos.org

666

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.919 High

EPSS

Percentile

99.0%

JSON

CentOS Errata and Security Advisory CESA-2018:3140

GNOME is the default desktop environment of Red Hat Enterprise Linux.

Security Fix(es):

libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910)
poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267)
libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733)
libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767)
poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768)
poppler: out of bounds read in pdfunite (CVE-2018-13988)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank chenyuan (NESA Lab) for reporting CVE-2018-10733 and CVE-2018-10767 and Hosein Askari for reporting CVE-2018-13988.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Affected packages:
PackageKit
PackageKit-command-not-found
PackageKit-cron
PackageKit-glib
PackageKit-glib-devel
PackageKit-gstreamer-plugin
PackageKit-gtk3-module
PackageKit-yum
PackageKit-yum-plugin
accountsservice
accountsservice-devel
accountsservice-libs
adwaita-cursor-theme
adwaita-gtk2-theme
adwaita-icon-theme
adwaita-icon-theme-devel
appstream-data
at-spi2-atk
at-spi2-atk-devel
at-spi2-core
at-spi2-core-devel
atk
atk-devel
baobab
bolt
brasero
brasero-devel
brasero-libs
brasero-nautilus
cairo
cairo-devel
cairo-gobject
cairo-gobject-devel
cairo-tools
cheese
cheese-libs
cheese-libs-devel
clutter-gst3
clutter-gst3-devel
compat-exiv2-023
compat-libical1
control-center
control-center-filesystem
dconf
dconf-devel
dconf-editor
devhelp
devhelp-devel
devhelp-libs
ekiga
empathy
eog
eog-devel
evince
evince-browser-plugin
evince-devel
evince-dvi
evince-libs
evince-nautilus
evolution
evolution-bogofilter
evolution-data-server
evolution-data-server-devel
evolution-data-server-doc
evolution-data-server-langpacks
evolution-data-server-perl
evolution-data-server-tests
evolution-devel
evolution-devel-docs
evolution-ews
evolution-ews-langpacks
evolution-help
evolution-langpacks
evolution-mapi
evolution-mapi-langpacks
evolution-pst
evolution-spamassassin
evolution-tests
file-roller
file-roller-nautilus
flatpak
flatpak-builder
flatpak-devel
flatpak-libs
folks
folks-devel
folks-tools
fontconfig
fontconfig-devel
fontconfig-devel-doc
freetype
freetype-demos
freetype-devel
fribidi
fribidi-devel
fwupd
fwupd-devel
fwupdate
fwupdate-devel
fwupdate-efi
fwupdate-libs
gcr
gcr-devel
gdk-pixbuf2
gdk-pixbuf2-devel
gdk-pixbuf2-tests
gdm
gdm-devel
gdm-pam-extensions-devel
gedit
gedit-devel
gedit-plugin-bookmarks
gedit-plugin-bracketcompletion
gedit-plugin-charmap
gedit-plugin-codecomment
gedit-plugin-colorpicker
gedit-plugin-colorschemer
gedit-plugin-commander
gedit-plugin-drawspaces
gedit-plugin-findinfiles
gedit-plugin-joinlines
gedit-plugin-multiedit
gedit-plugin-smartspaces
gedit-plugin-synctex
gedit-plugin-terminal
gedit-plugin-textsize
gedit-plugin-translate
gedit-plugin-wordcompletion
gedit-plugins
gedit-plugins-data
geoclue2
geoclue2-demos
geoclue2-devel
geoclue2-libs
geocode-glib
geocode-glib-devel
gjs
gjs-devel
gjs-tests
glade
glade-devel
glade-libs
glib-networking
glib-networking-tests
glib2
glib2-devel
glib2-doc
glib2-fam
glib2-static
glib2-tests
glibmm24
glibmm24-devel
glibmm24-doc
gnome-backgrounds
gnome-bluetooth
gnome-bluetooth-libs
gnome-bluetooth-libs-devel
gnome-boxes
gnome-calculator
gnome-classic-session
gnome-clocks
gnome-color-manager
gnome-contacts
gnome-desktop3
gnome-desktop3-devel
gnome-desktop3-tests
gnome-devel-docs
gnome-dictionary
gnome-disk-utility
gnome-documents
gnome-documents-libs
gnome-font-viewer
gnome-getting-started-docs
gnome-getting-started-docs-cs
gnome-getting-started-docs-de
gnome-getting-started-docs-es
gnome-getting-started-docs-fr
gnome-getting-started-docs-gl
gnome-getting-started-docs-hu
gnome-getting-started-docs-it
gnome-getting-started-docs-pl
gnome-getting-started-docs-pt_BR
gnome-getting-started-docs-ru
gnome-initial-setup
gnome-keyring
gnome-keyring-pam
gnome-online-accounts
gnome-online-accounts-devel
gnome-online-miners
gnome-packagekit
gnome-packagekit-common
gnome-packagekit-installer
gnome-packagekit-updater
gnome-screenshot
gnome-session
gnome-session-custom-session
gnome-session-wayland-session
gnome-session-xsession
gnome-settings-daemon
gnome-settings-daemon-devel
gnome-shell
gnome-shell-extension-alternate-tab
gnome-shell-extension-apps-menu
gnome-shell-extension-auto-move-windows
gnome-shell-extension-common
gnome-shell-extension-dash-to-dock
gnome-shell-extension-drive-menu
gnome-shell-extension-launch-new-instance
gnome-shell-extension-native-window-placement
gnome-shell-extension-no-hot-corner
gnome-shell-extension-panel-favorites
gnome-shell-extension-places-menu
gnome-shell-extension-screenshot-window-sizer
gnome-shell-extension-systemMonitor
gnome-shell-extension-top-icons
gnome-shell-extension-updates-dialog
gnome-shell-extension-user-theme
gnome-shell-extension-window-list
gnome-shell-extension-windowsNavigator
gnome-shell-extension-workspace-indicator
gnome-software
gnome-software-devel
gnome-software-editor
gnome-system-monitor
gnome-terminal
gnome-terminal-nautilus
gnome-themes-standard
gnome-tweak-tool
gnome-user-docs
gnote
gobject-introspection
gobject-introspection-devel
gom
gom-devel
google-noto-emoji-color-fonts
google-noto-emoji-fonts
grilo
grilo-devel
grilo-plugins
gsettings-desktop-schemas
gsettings-desktop-schemas-devel
gspell
gspell-devel
gspell-doc
gssdp
gssdp-devel
gssdp-docs
gssdp-utils
gstreamer1-plugins-base
gstreamer1-plugins-base-devel
gstreamer1-plugins-base-devel-docs
gstreamer1-plugins-base-tools
gtk-doc
gtk-update-icon-cache
gtk3
gtk3-devel
gtk3-devel-docs
gtk3-immodule-xim
gtk3-immodules
gtk3-tests
gtksourceview3
gtksourceview3-devel
gtksourceview3-tests
gucharmap
gucharmap-devel
gucharmap-libs
gupnp
gupnp-devel
gupnp-docs
gupnp-igd
gupnp-igd-devel
gupnp-igd-python
gvfs
gvfs-afc
gvfs-afp
gvfs-archive
gvfs-client
gvfs-devel
gvfs-fuse
gvfs-goa
gvfs-gphoto2
gvfs-mtp
gvfs-smb
gvfs-tests
harfbuzz
harfbuzz-devel
harfbuzz-icu
json-glib
json-glib-devel
json-glib-tests
libappstream-glib
libappstream-glib-builder
libappstream-glib-builder-devel
libappstream-glib-devel
libchamplain
libchamplain-demos
libchamplain-devel
libchamplain-gtk
libcroco
libcroco-devel
libgdata
libgdata-devel
libgee
libgee-devel
libgepub
libgepub-devel
libgexiv2
libgexiv2-devel
libgnomekbd
libgnomekbd-devel
libgovirt
libgovirt-devel
libgtop2
libgtop2-devel
libgweather
libgweather-devel
libgxps
libgxps-devel
libgxps-tools
libical
libical-devel
libical-glib
libical-glib-devel
libical-glib-doc
libmediaart
libmediaart-devel
libmediaart-tests
libosinfo
libosinfo-devel
libosinfo-vala
libpeas
libpeas-devel
libpeas-gtk
libpeas-loader-python
librsvg2
librsvg2-devel
librsvg2-tools
libsecret
libsecret-devel
libsoup
libsoup-devel
libwayland-client
libwayland-cursor
libwayland-egl
libwayland-server
libwnck3
libwnck3-devel
mozjs52
mozjs52-devel
mutter
mutter-devel
nautilus
nautilus-devel
nautilus-extensions
nautilus-sendto
openchange
openchange-client
openchange-devel
openchange-devel-docs
osinfo-db
pango
pango-devel
pango-tests
poppler
poppler-cpp
poppler-cpp-devel
poppler-demos
poppler-devel
poppler-glib
poppler-glib-devel
poppler-qt
poppler-qt-devel
poppler-utils
python2-gexiv2
python2-pyatspi
rest
rest-devel
rhythmbox
rhythmbox-devel
seahorse-nautilus
shotwell
sushi
totem
totem-devel
totem-nautilus
totem-pl-parser
totem-pl-parser-devel
upower
upower-devel
upower-devel-docs
vala
vala-devel
vala-doc
valadoc
valadoc-devel
vino
vte-profile
vte291
vte291-devel
wayland-devel
wayland-doc
wayland-protocols-devel
webkitgtk4
webkitgtk4-devel
webkitgtk4-doc
webkitgtk4-jsc
webkitgtk4-jsc-devel
webkitgtk4-plugin-process-gtk2
xdg-desktop-portal
xdg-desktop-portal-devel
xdg-desktop-portal-gtk
yelp
yelp-devel
yelp-libs
yelp-tools
yelp-xsl
yelp-xsl-devel
zenity

Upstream details at:
https://access.redhat.com/errata/RHSA-2018:3140

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64accountsservice< 0.6.50-2.el7accountsservice-0.6.50-2.el7.x86_64.rpm
CentOS7i686accountsservice-devel< 0.6.50-2.el7accountsservice-devel-0.6.50-2.el7.i686.rpm
CentOS7x86_64accountsservice-devel< 0.6.50-2.el7accountsservice-devel-0.6.50-2.el7.x86_64.rpm
CentOS7i686accountsservice-libs< 0.6.50-2.el7accountsservice-libs-0.6.50-2.el7.i686.rpm
CentOS7x86_64accountsservice-libs< 0.6.50-2.el7accountsservice-libs-0.6.50-2.el7.x86_64.rpm
CentOS7noarchadwaita-cursor-theme< 3.28.0-1.el7adwaita-cursor-theme-3.28.0-1.el7.noarch.rpm
CentOS7noarchadwaita-icon-theme< 3.28.0-1.el7adwaita-icon-theme-3.28.0-1.el7.noarch.rpm
CentOS7noarchadwaita-icon-theme-devel< 3.28.0-1.el7adwaita-icon-theme-devel-3.28.0-1.el7.noarch.rpm
CentOS7noarchappstream-data< 7-20180614.el7appstream-data-7-20180614.el7.noarch.rpm
CentOS7i686atk< 2.28.1-1.el7atk-2.28.1-1.el7.i686.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	x86_64	accountsservice	< 0.6.50-2.el7	accountsservice-0.6.50-2.el7.x86_64.rpm
CentOS	7	i686	accountsservice-devel	< 0.6.50-2.el7	accountsservice-devel-0.6.50-2.el7.i686.rpm
CentOS	7	x86_64	accountsservice-devel	< 0.6.50-2.el7	accountsservice-devel-0.6.50-2.el7.x86_64.rpm
CentOS	7	i686	accountsservice-libs	< 0.6.50-2.el7	accountsservice-libs-0.6.50-2.el7.i686.rpm
CentOS	7	x86_64	accountsservice-libs	< 0.6.50-2.el7	accountsservice-libs-0.6.50-2.el7.x86_64.rpm
CentOS	7	noarch	adwaita-cursor-theme	< 3.28.0-1.el7	adwaita-cursor-theme-3.28.0-1.el7.noarch.rpm
CentOS	7	noarch	adwaita-icon-theme	< 3.28.0-1.el7	adwaita-icon-theme-3.28.0-1.el7.noarch.rpm
CentOS	7	noarch	adwaita-icon-theme-devel	< 3.28.0-1.el7	adwaita-icon-theme-devel-3.28.0-1.el7.noarch.rpm
CentOS	7	noarch	appstream-data	< 7-20180614.el7	appstream-data-7-20180614.el7.noarch.rpm
CentOS	7	i686	atk	< 2.28.1-1.el7	atk-2.28.1-1.el7.i686.rpm