Oracle Linux 8 : GNOME (ELSA-2019-3553)

Severity: High, Nessus Plugin ID: 180839

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3553 advisory.

- The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. (CVE-2019-11459)

- daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.) (CVE-2019-12795)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2019-3553.html

Plugin Details

Severity: High

ID: 180839

File Name: oraclelinux_ELSA-2019-3553.nasl

Version: 1.0

Type: local

Agent: unix

Published: 9/7/2023

Updated: 9/7/2023

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-12795

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:sdl, p-cpe:/a:oracle:linux:sdl-devel, p-cpe:/a:oracle:linux:accountsservice, p-cpe:/a:oracle:linux:accountsservice-devel, p-cpe:/a:oracle:linux:accountsservice-libs, p-cpe:/a:oracle:linux:appstream-data, p-cpe:/a:oracle:linux:baobab, p-cpe:/a:oracle:linux:chrome-gnome-shell, p-cpe:/a:oracle:linux:evince, p-cpe:/a:oracle:linux:evince-browser-plugin, p-cpe:/a:oracle:linux:evince-libs, p-cpe:/a:oracle:linux:evince-nautilus, p-cpe:/a:oracle:linux:file-roller, p-cpe:/a:oracle:linux:gdk-pixbuf2, p-cpe:/a:oracle:linux:gdk-pixbuf2-devel, p-cpe:/a:oracle:linux:gdk-pixbuf2-modules, p-cpe:/a:oracle:linux:gdk-pixbuf2-xlib, p-cpe:/a:oracle:linux:gdk-pixbuf2-xlib-devel, p-cpe:/a:oracle:linux:gdm, p-cpe:/a:oracle:linux:gjs, p-cpe:/a:oracle:linux:gjs-devel, p-cpe:/a:oracle:linux:gnome-classic-session, p-cpe:/a:oracle:linux:gnome-control-center, p-cpe:/a:oracle:linux:gnome-control-center-filesystem, p-cpe:/a:oracle:linux:gnome-desktop3, p-cpe:/a:oracle:linux:gnome-desktop3-devel, p-cpe:/a:oracle:linux:gnome-remote-desktop, p-cpe:/a:oracle:linux:gnome-settings-daemon, p-cpe:/a:oracle:linux:gnome-shell, p-cpe:/a:oracle:linux:gnome-shell-extension-apps-menu, p-cpe:/a:oracle:linux:gnome-shell-extension-auto-move-windows, p-cpe:/a:oracle:linux:gnome-shell-extension-common, p-cpe:/a:oracle:linux:gnome-shell-extension-dash-to-dock, p-cpe:/a:oracle:linux:gnome-shell-extension-desktop-icons, p-cpe:/a:oracle:linux:gnome-shell-extension-disable-screenshield, p-cpe:/a:oracle:linux:gnome-shell-extension-drive-menu, p-cpe:/a:oracle:linux:gnome-shell-extension-horizontal-workspaces, p-cpe:/a:oracle:linux:gnome-shell-extension-launch-new-instance, p-cpe:/a:oracle:linux:gnome-shell-extension-native-window-placement, p-cpe:/a:oracle:linux:gnome-shell-extension-no-hot-corner, p-cpe:/a:oracle:linux:gnome-shell-extension-panel-favorites, p-cpe:/a:oracle:linux:gnome-shell-extension-places-menu, 
p-cpe:/a:oracle:linux:gnome-shell-extension-screenshot-window-sizer, p-cpe:/a:oracle:linux:gnome-shell-extension-systemmonitor, p-cpe:/a:oracle:linux:gnome-shell-extension-top-icons, p-cpe:/a:oracle:linux:gnome-shell-extension-updates-dialog, p-cpe:/a:oracle:linux:gnome-shell-extension-user-theme, p-cpe:/a:oracle:linux:gnome-shell-extension-window-grouper, p-cpe:/a:oracle:linux:gnome-shell-extension-window-list, p-cpe:/a:oracle:linux:gnome-shell-extension-windowsnavigator, p-cpe:/a:oracle:linux:gnome-shell-extension-workspace-indicator, p-cpe:/a:oracle:linux:gnome-software, p-cpe:/a:oracle:linux:gnome-software-editor, p-cpe:/a:oracle:linux:gnome-tweaks, p-cpe:/a:oracle:linux:gsettings-desktop-schemas, p-cpe:/a:oracle:linux:gsettings-desktop-schemas-devel, p-cpe:/a:oracle:linux:gtk-update-icon-cache, p-cpe:/a:oracle:linux:gtk3, p-cpe:/a:oracle:linux:gtk3-devel, p-cpe:/a:oracle:linux:gtk3-immodule-xim, p-cpe:/a:oracle:linux:gvfs, p-cpe:/a:oracle:linux:gvfs-afc, p-cpe:/a:oracle:linux:gvfs-afp, p-cpe:/a:oracle:linux:gvfs-archive, p-cpe:/a:oracle:linux:gvfs-client, p-cpe:/a:oracle:linux:gvfs-devel, p-cpe:/a:oracle:linux:gvfs-fuse, p-cpe:/a:oracle:linux:gvfs-goa, p-cpe:/a:oracle:linux:gvfs-gphoto2, p-cpe:/a:oracle:linux:gvfs-mtp, p-cpe:/a:oracle:linux:gvfs-smb, p-cpe:/a:oracle:linux:libpurple, p-cpe:/a:oracle:linux:libpurple-devel, p-cpe:/a:oracle:linux:mozjs60, p-cpe:/a:oracle:linux:mozjs60-devel, p-cpe:/a:oracle:linux:mutter, p-cpe:/a:oracle:linux:mutter-devel, p-cpe:/a:oracle:linux:nautilus, p-cpe:/a:oracle:linux:nautilus-devel, p-cpe:/a:oracle:linux:nautilus-extensions, p-cpe:/a:oracle:linux:pango, p-cpe:/a:oracle:linux:pango-devel, p-cpe:/a:oracle:linux:pidgin, p-cpe:/a:oracle:linux:pidgin-devel, p-cpe:/a:oracle:linux:plymouth, p-cpe:/a:oracle:linux:plymouth-core-libs, p-cpe:/a:oracle:linux:plymouth-graphics-libs, p-cpe:/a:oracle:linux:plymouth-plugin-fade-throbber, p-cpe:/a:oracle:linux:plymouth-plugin-label, p-cpe:/a:oracle:linux:plymouth-plugin-script, 
p-cpe:/a:oracle:linux:plymouth-plugin-space-flares, p-cpe:/a:oracle:linux:plymouth-plugin-throbgress, p-cpe:/a:oracle:linux:plymouth-plugin-two-step, p-cpe:/a:oracle:linux:plymouth-scripts, p-cpe:/a:oracle:linux:plymouth-system-theme, p-cpe:/a:oracle:linux:plymouth-theme-charge, p-cpe:/a:oracle:linux:plymouth-theme-fade-in, p-cpe:/a:oracle:linux:plymouth-theme-script, p-cpe:/a:oracle:linux:plymouth-theme-solar, p-cpe:/a:oracle:linux:plymouth-theme-spinfinity, p-cpe:/a:oracle:linux:plymouth-theme-spinner, p-cpe:/a:oracle:linux:wayland-protocols-devel, p-cpe:/a:oracle:linux:webkit2gtk3, p-cpe:/a:oracle:linux:webkit2gtk3-devel, p-cpe:/a:oracle:linux:webkit2gtk3-jsc, p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel, p-cpe:/a:oracle:linux:webkit2gtk3-plugin-process-gtk2

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 11/14/2019

Vulnerability Publication Date: 4/22/2019

Reference Information

CVE: CVE-2019-11459, CVE-2019-12795