RHEL 8 : GNOME (RHSA-2020:4451)

critical Nessus Plugin ID 142418

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4451 advisory.

- webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8625, CVE-2019-8813, CVE-2020-3867)

- webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8710, CVE-2019-8720, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2020-3868)

- webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8743)

- webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8764)

- webkitgtk: Websites could reveal browsing history (CVE-2019-8769)

- webkitgtk: Violation of iframe sandboxing policy (CVE-2019-8771)

- webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-8835, CVE-2019-8844)

- webkitgtk: Use after free issue may lead to remote code execution (CVE-2019-8846)

- webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp (CVE-2020-10018)

- webkitgtk: use-after-free via crafted web content (CVE-2020-11793)

- gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)

- LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)

- webkitgtk: Denial of service via incorrect memory handling (CVE-2020-3862)

- webkitgtk: Non-unique security origin for DOM object contexts (CVE-2020-3864)

- webkitgtk: Incorrect security check for a top-level DOM object context (CVE-2020-3865)

- webkitgtk: Incorrect processing of file URLs (CVE-2020-3885)

- webkitgtk: Race condition allows reading of restricted memory (CVE-2020-3894)

- webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3895)

- webkitgtk: Type confusion leading to arbitrary code execution (CVE-2020-3897, CVE-2020-3901)

- webkitgtk: Memory consumption issue leading to arbitrary code execution (CVE-2020-3899)

- webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3900)

- webkitgtk: Input validation issue leading to cross-site script attack (CVE-2020-3902)

- webkitgtk: Logic issue may lead to arbitrary code execution (CVE-2020-9802, CVE-2020-9850)

- webkitgtk: Memory corruption may lead to arbitrary code execution (CVE-2020-9803, CVE-2020-9806, CVE-2020-9807)

- webkitgtk: Logic issue may lead to cross site scripting (CVE-2020-9805)

- webkitgtk: Input validation issue may lead to cross site scripting (CVE-2020-9843)

- webkitgtk: Command injection in web inspector (CVE-2020-9862)

- webkitgtk: Use-after-free may lead to application termination or arbitrary code execution (CVE-2020-9893, CVE-2020-9895)

- webkitgtk: Out-of-bounds read may lead to unexpected application termination or arbitrary code execution (CVE-2020-9894)

- webkitgtk: Access issue in content security policy (CVE-2020-9915)

- webkitgtk: A logic issue may lead to cross site scripting (CVE-2020-9925)

- webkitgtk: input validation issue may lead to a cross site scripting (CVE-2020-9952)

- webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30666)

- webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30761)

- webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30762)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://cwe.mitre.org/data/definitions/20.html

https://cwe.mitre.org/data/definitions/77.html

https://cwe.mitre.org/data/definitions/79.html

https://cwe.mitre.org/data/definitions/119.html

https://cwe.mitre.org/data/definitions/120.html

https://cwe.mitre.org/data/definitions/125.html

https://cwe.mitre.org/data/definitions/284.html

https://cwe.mitre.org/data/definitions/400.html

https://cwe.mitre.org/data/definitions/416.html

https://cwe.mitre.org/data/definitions/522.html

https://cwe.mitre.org/data/definitions/841.html

https://access.redhat.com/security/cve/CVE-2019-8625

https://access.redhat.com/security/cve/CVE-2019-8710

https://access.redhat.com/security/cve/CVE-2019-8720

https://access.redhat.com/security/cve/CVE-2019-8743

https://access.redhat.com/security/cve/CVE-2019-8764

https://access.redhat.com/security/cve/CVE-2019-8766

https://access.redhat.com/security/cve/CVE-2019-8769

https://access.redhat.com/security/cve/CVE-2019-8771

https://access.redhat.com/security/cve/CVE-2019-8782

https://access.redhat.com/security/cve/CVE-2019-8783

https://access.redhat.com/security/cve/CVE-2019-8808

https://access.redhat.com/security/cve/CVE-2019-8811

https://access.redhat.com/security/cve/CVE-2019-8812

https://access.redhat.com/security/cve/CVE-2019-8813

https://access.redhat.com/security/cve/CVE-2019-8814

https://access.redhat.com/security/cve/CVE-2019-8815

https://access.redhat.com/security/cve/CVE-2019-8816

https://access.redhat.com/security/cve/CVE-2019-8819

https://access.redhat.com/security/cve/CVE-2019-8820

https://access.redhat.com/security/cve/CVE-2019-8823

https://access.redhat.com/security/cve/CVE-2019-8835

https://access.redhat.com/security/cve/CVE-2019-8844

https://access.redhat.com/security/cve/CVE-2019-8846

https://access.redhat.com/security/cve/CVE-2020-3862

https://access.redhat.com/security/cve/CVE-2020-3864

https://access.redhat.com/security/cve/CVE-2020-3865

https://access.redhat.com/security/cve/CVE-2020-3867

https://access.redhat.com/security/cve/CVE-2020-3868

https://access.redhat.com/security/cve/CVE-2020-3885

https://access.redhat.com/security/cve/CVE-2020-3894

https://access.redhat.com/security/cve/CVE-2020-3895

https://access.redhat.com/security/cve/CVE-2020-3897

https://access.redhat.com/security/cve/CVE-2020-3899

https://access.redhat.com/security/cve/CVE-2020-3900

https://access.redhat.com/security/cve/CVE-2020-3901

https://access.redhat.com/security/cve/CVE-2020-3902

https://access.redhat.com/security/cve/CVE-2020-9802

https://access.redhat.com/security/cve/CVE-2020-9803

https://access.redhat.com/security/cve/CVE-2020-9805

https://access.redhat.com/security/cve/CVE-2020-9806

https://access.redhat.com/security/cve/CVE-2020-9807

https://access.redhat.com/security/cve/CVE-2020-9843

https://access.redhat.com/security/cve/CVE-2020-9850

https://access.redhat.com/security/cve/CVE-2020-9862

https://access.redhat.com/security/cve/CVE-2020-9893

https://access.redhat.com/security/cve/CVE-2020-9894

https://access.redhat.com/security/cve/CVE-2020-9895

https://access.redhat.com/security/cve/CVE-2020-9915

https://access.redhat.com/security/cve/CVE-2020-9925

https://access.redhat.com/security/cve/CVE-2020-9952

https://access.redhat.com/security/cve/CVE-2020-10018

https://access.redhat.com/security/cve/CVE-2020-11793

https://access.redhat.com/security/cve/CVE-2020-14391

https://access.redhat.com/security/cve/CVE-2020-15503

https://access.redhat.com/security/cve/CVE-2021-30666

https://access.redhat.com/security/cve/CVE-2021-30761

https://access.redhat.com/security/cve/CVE-2021-30762

https://access.redhat.com/errata/RHSA-2020:4451

https://bugzilla.redhat.com/1811721

https://bugzilla.redhat.com/1816678

https://bugzilla.redhat.com/1816684

https://bugzilla.redhat.com/1816686

https://bugzilla.redhat.com/1829369

https://bugzilla.redhat.com/1853477

https://bugzilla.redhat.com/1873093

https://bugzilla.redhat.com/1876462

https://bugzilla.redhat.com/1876463

https://bugzilla.redhat.com/1876465

https://bugzilla.redhat.com/1876468

https://bugzilla.redhat.com/1876470

https://bugzilla.redhat.com/1876472

https://bugzilla.redhat.com/1876473

https://bugzilla.redhat.com/1876476

https://bugzilla.redhat.com/1876516

https://bugzilla.redhat.com/1876518

https://bugzilla.redhat.com/1876521

https://bugzilla.redhat.com/1876522

https://bugzilla.redhat.com/1876523

https://bugzilla.redhat.com/1876536

https://bugzilla.redhat.com/1876537

https://bugzilla.redhat.com/1876540

https://bugzilla.redhat.com/1876543

https://bugzilla.redhat.com/1876545

https://bugzilla.redhat.com/1876548

https://bugzilla.redhat.com/1876549

https://bugzilla.redhat.com/1876550

https://bugzilla.redhat.com/1876552

https://bugzilla.redhat.com/1876553

https://bugzilla.redhat.com/1876554

https://bugzilla.redhat.com/1876555

https://bugzilla.redhat.com/1876556

https://bugzilla.redhat.com/1876590

https://bugzilla.redhat.com/1876591

https://bugzilla.redhat.com/1876594

https://bugzilla.redhat.com/1876607

https://bugzilla.redhat.com/1876611

https://bugzilla.redhat.com/1876617

https://bugzilla.redhat.com/1876619

https://bugzilla.redhat.com/1879532

https://bugzilla.redhat.com/1879535

https://bugzilla.redhat.com/1879536

https://bugzilla.redhat.com/1879538

https://bugzilla.redhat.com/1879540

https://bugzilla.redhat.com/1879541

https://bugzilla.redhat.com/1879545

https://bugzilla.redhat.com/1879557

https://bugzilla.redhat.com/1879559

https://bugzilla.redhat.com/1879563

https://bugzilla.redhat.com/1879564

https://bugzilla.redhat.com/1879566

https://bugzilla.redhat.com/1879568

https://bugzilla.redhat.com/1901219

https://bugzilla.redhat.com/1986877

https://bugzilla.redhat.com/1986894

https://bugzilla.redhat.com/1986898

Plugin Details

Severity: Critical

ID: 142418

File Name: redhat-RHSA-2020-4451.nasl

Version: 1.10

Type: local

Agent: unix

Published: 11/4/2020

Updated: 5/25/2022

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2020-3899

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

CVSS Score Source: CVE-2020-9895

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:rhel_aus:8.4, cpe:/o:redhat:rhel_e4s:8.4, cpe:/o:redhat:rhel_eus:8.4, cpe:/o:redhat:rhel_tus:8.4, p-cpe:/a:redhat:enterprise_linux:LibRaw, p-cpe:/a:redhat:enterprise_linux:LibRaw-devel, p-cpe:/a:redhat:enterprise_linux:PackageKit, p-cpe:/a:redhat:enterprise_linux:PackageKit-command-not-found, p-cpe:/a:redhat:enterprise_linux:PackageKit-cron, p-cpe:/a:redhat:enterprise_linux:PackageKit-glib, p-cpe:/a:redhat:enterprise_linux:PackageKit-glib-devel, p-cpe:/a:redhat:enterprise_linux:PackageKit-gstreamer-plugin, p-cpe:/a:redhat:enterprise_linux:PackageKit-gtk3-module, p-cpe:/a:redhat:enterprise_linux:dleyna-renderer, p-cpe:/a:redhat:enterprise_linux:frei0r-devel, p-cpe:/a:redhat:enterprise_linux:frei0r-plugins, p-cpe:/a:redhat:enterprise_linux:frei0r-plugins-opencv, p-cpe:/a:redhat:enterprise_linux:gdm, p-cpe:/a:redhat:enterprise_linux:gnome-classic-session, p-cpe:/a:redhat:enterprise_linux:gnome-control-center, p-cpe:/a:redhat:enterprise_linux:gnome-control-center-filesystem, p-cpe:/a:redhat:enterprise_linux:gnome-photos, p-cpe:/a:redhat:enterprise_linux:gnome-photos-tests, p-cpe:/a:redhat:enterprise_linux:gnome-remote-desktop, p-cpe:/a:redhat:enterprise_linux:gnome-session, p-cpe:/a:redhat:enterprise_linux:gnome-session-wayland-session, p-cpe:/a:redhat:enterprise_linux:gnome-session-xsession, p-cpe:/a:redhat:enterprise_linux:gnome-settings-daemon, p-cpe:/a:redhat:enterprise_linux:gnome-shell, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-apps-menu, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-auto-move-windows, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-common, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-dash-to-dock, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-desktop-icons, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-disable-screenshield, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-drive-menu, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-horizontal-workspaces, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-launch-new-instance, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-native-window-placement, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-no-hot-corner, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-panel-favorites, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-places-menu, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-screenshot-window-sizer, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-systemMonitor, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-top-icons, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-updates-dialog, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-user-theme, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-window-grouper, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-window-list, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-windowsNavigator, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-workspace-indicator, p-cpe:/a:redhat:enterprise_linux:gnome-terminal, p-cpe:/a:redhat:enterprise_linux:gnome-terminal-nautilus, p-cpe:/a:redhat:enterprise_linux:gsettings-desktop-schemas, p-cpe:/a:redhat:enterprise_linux:gsettings-desktop-schemas-devel, p-cpe:/a:redhat:enterprise_linux:gtk-doc, p-cpe:/a:redhat:enterprise_linux:gtk-update-icon-cache, p-cpe:/a:redhat:enterprise_linux:gtk3, p-cpe:/a:redhat:enterprise_linux:gtk3-devel, p-cpe:/a:redhat:enterprise_linux:gtk3-immodule-xim, p-cpe:/a:redhat:enterprise_linux:gvfs, p-cpe:/a:redhat:enterprise_linux:gvfs-afc, p-cpe:/a:redhat:enterprise_linux:gvfs-afp, p-cpe:/a:redhat:enterprise_linux:gvfs-archive, p-cpe:/a:redhat:enterprise_linux:gvfs-client, p-cpe:/a:redhat:enterprise_linux:gvfs-devel, p-cpe:/a:redhat:enterprise_linux:gvfs-fuse, p-cpe:/a:redhat:enterprise_linux:gvfs-goa, p-cpe:/a:redhat:enterprise_linux:gvfs-gphoto2, p-cpe:/a:redhat:enterprise_linux:gvfs-mtp, p-cpe:/a:redhat:enterprise_linux:gvfs-smb, p-cpe:/a:redhat:enterprise_linux:libsoup, p-cpe:/a:redhat:enterprise_linux:libsoup-devel, p-cpe:/a:redhat:enterprise_linux:mutter, p-cpe:/a:redhat:enterprise_linux:mutter-devel, p-cpe:/a:redhat:enterprise_linux:nautilus, p-cpe:/a:redhat:enterprise_linux:nautilus-devel, p-cpe:/a:redhat:enterprise_linux:nautilus-extensions, p-cpe:/a:redhat:enterprise_linux:pipewire, p-cpe:/a:redhat:enterprise_linux:pipewire-devel, p-cpe:/a:redhat:enterprise_linux:pipewire-doc, p-cpe:/a:redhat:enterprise_linux:pipewire-libs, p-cpe:/a:redhat:enterprise_linux:pipewire-utils, p-cpe:/a:redhat:enterprise_linux:pipewire0.2-devel, p-cpe:/a:redhat:enterprise_linux:pipewire0.2-libs, p-cpe:/a:redhat:enterprise_linux:potrace, p-cpe:/a:redhat:enterprise_linux:pygobject3-devel, p-cpe:/a:redhat:enterprise_linux:python3-gobject, p-cpe:/a:redhat:enterprise_linux:python3-gobject-base, p-cpe:/a:redhat:enterprise_linux:tracker, p-cpe:/a:redhat:enterprise_linux:tracker-devel, p-cpe:/a:redhat:enterprise_linux:vte-profile, p-cpe:/a:redhat:enterprise_linux:vte291, p-cpe:/a:redhat:enterprise_linux:vte291-devel, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel, p-cpe:/a:redhat:enterprise_linux:webrtc-audio-processing, p-cpe:/a:redhat:enterprise_linux:xdg-desktop-portal, p-cpe:/a:redhat:enterprise_linux:xdg-desktop-portal-gtk

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/4/2020

Vulnerability Publication Date: 9/23/2019

CISA Known Exploited Dates: 6/13/2022

Exploitable With

Metasploit (Safari in Operator Side Effect Exploit)

Reference Information

CVE: CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793, CVE-2020-14391, CVE-2020-15503

RHSA: 2020:4451

CWE: 20, 77, 79, 119, 120, 125, 284, 400, 416, 522, 841