RHEL 7 : GNOME (RHSA-2020:1021)

Severity: Medium. Nessus Plugin ID: 135044

VPR Score: 4.2

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability referenced in the RHSA-2020:1021 advisory.

- gnome-shell: partial lock screen bypass (CVE-2019-3820)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://cwe.mitre.org/data/definitions/285.html

https://access.redhat.com/errata/RHSA-2020:1021

https://access.redhat.com/security/cve/CVE-2019-3820

https://bugzilla.redhat.com/1421231

https://bugzilla.redhat.com/1474305

https://bugzilla.redhat.com/1506370

https://bugzilla.redhat.com/1547158

https://bugzilla.redhat.com/1556776

https://bugzilla.redhat.com/1556800

https://bugzilla.redhat.com/1583836

https://bugzilla.redhat.com/1607839

https://bugzilla.redhat.com/1624461

https://bugzilla.redhat.com/1630686

https://bugzilla.redhat.com/1632904

https://bugzilla.redhat.com/1638727

https://bugzilla.redhat.com/1646345

https://bugzilla.redhat.com/1657887

https://bugzilla.redhat.com/1672289

https://bugzilla.redhat.com/1674534

https://bugzilla.redhat.com/1678448

https://bugzilla.redhat.com/1687745

https://bugzilla.redhat.com/1691197

https://bugzilla.redhat.com/1691474

https://bugzilla.redhat.com/1702417

https://bugzilla.redhat.com/1720286

https://bugzilla.redhat.com/1721562

https://bugzilla.redhat.com/1723283

https://bugzilla.redhat.com/1728761

https://bugzilla.redhat.com/1737367

https://bugzilla.redhat.com/1737369

https://bugzilla.redhat.com/1737515

https://bugzilla.redhat.com/1741274

https://bugzilla.redhat.com/1743913

https://bugzilla.redhat.com/1749325

https://bugzilla.redhat.com/1750807

https://bugzilla.redhat.com/1752357

https://bugzilla.redhat.com/1752367

https://bugzilla.redhat.com/1752378

https://bugzilla.redhat.com/1752547

https://bugzilla.redhat.com/1753799

https://bugzilla.redhat.com/1766501

https://bugzilla.redhat.com/1772896

https://bugzilla.redhat.com/1778270

https://bugzilla.redhat.com/1789491

Plugin Details

Severity: Medium

ID: 135044

File Name: redhat-RHSA-2020-1021.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2020/03/31

Updated: 2020/04/21

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 4.2

CVSS Score Source: CVE-2019-3820

CVSS v2.0

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:7::client, cpe:/o:redhat:enterprise_linux:7::computenode, cpe:/o:redhat:enterprise_linux:7::server, cpe:/o:redhat:enterprise_linux:7::workstation, p-cpe:/a:redhat:enterprise_linux:LibRaw, p-cpe:/a:redhat:enterprise_linux:LibRaw-devel, p-cpe:/a:redhat:enterprise_linux:LibRaw-static, p-cpe:/a:redhat:enterprise_linux:accountsservice, p-cpe:/a:redhat:enterprise_linux:accountsservice-devel, p-cpe:/a:redhat:enterprise_linux:accountsservice-libs, p-cpe:/a:redhat:enterprise_linux:colord, p-cpe:/a:redhat:enterprise_linux:colord-devel, p-cpe:/a:redhat:enterprise_linux:colord-devel-docs, p-cpe:/a:redhat:enterprise_linux:colord-extra-profiles, p-cpe:/a:redhat:enterprise_linux:colord-libs, p-cpe:/a:redhat:enterprise_linux:control-center, p-cpe:/a:redhat:enterprise_linux:control-center-filesystem, p-cpe:/a:redhat:enterprise_linux:gdm, p-cpe:/a:redhat:enterprise_linux:gdm-devel, p-cpe:/a:redhat:enterprise_linux:gdm-pam-extensions-devel, p-cpe:/a:redhat:enterprise_linux:gnome-classic-session, p-cpe:/a:redhat:enterprise_linux:gnome-online-accounts, p-cpe:/a:redhat:enterprise_linux:gnome-online-accounts-devel, p-cpe:/a:redhat:enterprise_linux:gnome-settings-daemon, p-cpe:/a:redhat:enterprise_linux:gnome-settings-daemon-devel, p-cpe:/a:redhat:enterprise_linux:gnome-shell, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-alternate-tab, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-apps-menu, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-auto-move-windows, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-common, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-dash-to-dock, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-disable-screenshield, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-drive-menu, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-extra-osk-keys, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-horizontal-workspaces, 
p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-launch-new-instance, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-native-window-placement, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-no-hot-corner, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-panel-favorites, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-places-menu, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-screenshot-window-sizer, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-systemMonitor, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-top-icons, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-updates-dialog, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-user-theme, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-window-grouper, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-window-list, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-windowsNavigator, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-workspace-indicator, p-cpe:/a:redhat:enterprise_linux:gnome-tweak-tool, p-cpe:/a:redhat:enterprise_linux:gsettings-desktop-schemas, p-cpe:/a:redhat:enterprise_linux:gsettings-desktop-schemas-devel, p-cpe:/a:redhat:enterprise_linux:gtk-update-icon-cache, p-cpe:/a:redhat:enterprise_linux:gtk3, p-cpe:/a:redhat:enterprise_linux:gtk3-devel, p-cpe:/a:redhat:enterprise_linux:gtk3-devel-docs, p-cpe:/a:redhat:enterprise_linux:gtk3-immodule-xim, p-cpe:/a:redhat:enterprise_linux:gtk3-immodules, p-cpe:/a:redhat:enterprise_linux:gtk3-tests, p-cpe:/a:redhat:enterprise_linux:libcanberra, p-cpe:/a:redhat:enterprise_linux:libcanberra-devel, p-cpe:/a:redhat:enterprise_linux:libcanberra-gtk2, p-cpe:/a:redhat:enterprise_linux:libcanberra-gtk3, p-cpe:/a:redhat:enterprise_linux:libgweather, p-cpe:/a:redhat:enterprise_linux:libgweather-devel, p-cpe:/a:redhat:enterprise_linux:meson, p-cpe:/a:redhat:enterprise_linux:mutter, p-cpe:/a:redhat:enterprise_linux:mutter-devel, p-cpe:/a:redhat:enterprise_linux:nautilus, 
p-cpe:/a:redhat:enterprise_linux:nautilus-devel, p-cpe:/a:redhat:enterprise_linux:nautilus-extensions, p-cpe:/a:redhat:enterprise_linux:osinfo-db, p-cpe:/a:redhat:enterprise_linux:shared-mime-info, p-cpe:/a:redhat:enterprise_linux:tracker, p-cpe:/a:redhat:enterprise_linux:tracker-devel, p-cpe:/a:redhat:enterprise_linux:tracker-docs, p-cpe:/a:redhat:enterprise_linux:tracker-needle, p-cpe:/a:redhat:enterprise_linux:tracker-preferences, p-cpe:/a:redhat:enterprise_linux:xchat, p-cpe:/a:redhat:enterprise_linux:xchat-tcl

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/03/31

Vulnerability Publication Date: 2019/02/06

Reference Information

CVE: CVE-2019-3820

BID: 107305

RHSA: 2020:1021

CWE: 285