Oracle Linux 8: GNOME (ELSA-2019-3553)

high Nessus Plugin ID 180839

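Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3553 advisory.

- In GNOME Evince 3.32.0 and earlier, the tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend did not handle errors from TIFFReadRGBAImageOriented(), leading to use of uninitialized memory when processing certain TIFF image files. (CVE-2019-11459)

- In GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3, daemon/gvfsdaemon.c in gvfsd opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket accepts only a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.) (CVE-2019-12795)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also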

https://linux.oracle.com/errata/ELSA-2019-3553.html

Plugin Details

Severity: High

ID: 180839

File Name: oraclelinux_ELSA-2019-3553.nasl

Version: 1.0

Type: local

Agent: unix

Published: 2023/9/7

Updated: 2023/9/7

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-12795

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:sdl, p-cpe:/a:oracle:linux:sdl-devel, p-cpe:/a:oracle:linux:accountsservice, p-cpe:/a:oracle:linux:accountsservice-devel, p-cpe:/a:oracle:linux:accountsservice-libs, p-cpe:/a:oracle:linux:appstream-data, p-cpe:/a:oracle:linux:baobab, p-cpe:/a:oracle:linux:chrome-gnome-shell, p-cpe:/a:oracle:linux:evince, p-cpe:/a:oracle:linux:evince-browser-plugin, p-cpe:/a:oracle:linux:evince-libs, p-cpe:/a:oracle:linux:evince-nautilus, p-cpe:/a:oracle:linux:file-roller, p-cpe:/a:oracle:linux:gdk-pixbuf2, p-cpe:/a:oracle:linux:gdk-pixbuf2-devel, p-cpe:/a:oracle:linux:gdk-pixbuf2-modules, p-cpe:/a:oracle:linux:gdk-pixbuf2-xlib, p-cpe:/a:oracle:linux:gdk-pixbuf2-xlib-devel, p-cpe:/a:oracle:linux:gdm, p-cpe:/a:oracle:linux:gjs, p-cpe:/a:oracle:linux:gjs-devel, p-cpe:/a:oracle:linux:gnome-classic-session, p-cpe:/a:oracle:linux:gnome-control-center, p-cpe:/a:oracle:linux:gnome-control-center-filesystem, p-cpe:/a:oracle:linux:gnome-desktop3, p-cpe:/a:oracle:linux:gnome-desktop3-devel, p-cpe:/a:oracle:linux:gnome-remote-desktop, p-cpe:/a:oracle:linux:gnome-settings-daemon, p-cpe:/a:oracle:linux:gnome-shell, p-cpe:/a:oracle:linux:gnome-shell-extension-apps-menu, p-cpe:/a:oracle:linux:gnome-shell-extension-auto-move-windows, p-cpe:/a:oracle:linux:gnome-shell-extension-common, p-cpe:/a:oracle:linux:gnome-shell-extension-dash-to-dock, p-cpe:/a:oracle:linux:gnome-shell-extension-desktop-icons, p-cpe:/a:oracle:linux:gnome-shell-extension-disable-screenshield, p-cpe:/a:oracle:linux:gnome-shell-extension-drive-menu, p-cpe:/a:oracle:linux:gnome-shell-extension-horizontal-workspaces, p-cpe:/a:oracle:linux:gnome-shell-extension-launch-new-instance, p-cpe:/a:oracle:linux:gnome-shell-extension-native-window-placement, p-cpe:/a:oracle:linux:gnome-shell-extension-no-hot-corner, p-cpe:/a:oracle:linux:gnome-shell-extension-panel-favorites, p-cpe:/a:oracle:linux:gnome-shell-extension-places-menu, 
p-cpe:/a:oracle:linux:gnome-shell-extension-screenshot-window-sizer, p-cpe:/a:oracle:linux:gnome-shell-extension-systemmonitor, p-cpe:/a:oracle:linux:gnome-shell-extension-top-icons, p-cpe:/a:oracle:linux:gnome-shell-extension-updates-dialog, p-cpe:/a:oracle:linux:gnome-shell-extension-user-theme, p-cpe:/a:oracle:linux:gnome-shell-extension-window-grouper, p-cpe:/a:oracle:linux:gnome-shell-extension-window-list, p-cpe:/a:oracle:linux:gnome-shell-extension-windowsnavigator, p-cpe:/a:oracle:linux:gnome-shell-extension-workspace-indicator, p-cpe:/a:oracle:linux:gnome-software, p-cpe:/a:oracle:linux:gnome-software-editor, p-cpe:/a:oracle:linux:gnome-tweaks, p-cpe:/a:oracle:linux:gsettings-desktop-schemas, p-cpe:/a:oracle:linux:gsettings-desktop-schemas-devel, p-cpe:/a:oracle:linux:gtk-update-icon-cache, p-cpe:/a:oracle:linux:gtk3, p-cpe:/a:oracle:linux:gtk3-devel, p-cpe:/a:oracle:linux:gtk3-immodule-xim, p-cpe:/a:oracle:linux:gvfs, p-cpe:/a:oracle:linux:gvfs-afc, p-cpe:/a:oracle:linux:gvfs-afp, p-cpe:/a:oracle:linux:gvfs-archive, p-cpe:/a:oracle:linux:gvfs-client, p-cpe:/a:oracle:linux:gvfs-devel, p-cpe:/a:oracle:linux:gvfs-fuse, p-cpe:/a:oracle:linux:gvfs-goa, p-cpe:/a:oracle:linux:gvfs-gphoto2, p-cpe:/a:oracle:linux:gvfs-mtp, p-cpe:/a:oracle:linux:gvfs-smb, p-cpe:/a:oracle:linux:libpurple, p-cpe:/a:oracle:linux:libpurple-devel, p-cpe:/a:oracle:linux:mozjs60, p-cpe:/a:oracle:linux:mozjs60-devel, p-cpe:/a:oracle:linux:mutter, p-cpe:/a:oracle:linux:mutter-devel, p-cpe:/a:oracle:linux:nautilus, p-cpe:/a:oracle:linux:nautilus-devel, p-cpe:/a:oracle:linux:nautilus-extensions, p-cpe:/a:oracle:linux:pango, p-cpe:/a:oracle:linux:pango-devel, p-cpe:/a:oracle:linux:pidgin, p-cpe:/a:oracle:linux:pidgin-devel, p-cpe:/a:oracle:linux:plymouth, p-cpe:/a:oracle:linux:plymouth-core-libs, p-cpe:/a:oracle:linux:plymouth-graphics-libs, p-cpe:/a:oracle:linux:plymouth-plugin-fade-throbber, p-cpe:/a:oracle:linux:plymouth-plugin-label, p-cpe:/a:oracle:linux:plymouth-plugin-script, 
p-cpe:/a:oracle:linux:plymouth-plugin-space-flares, p-cpe:/a:oracle:linux:plymouth-plugin-throbgress, p-cpe:/a:oracle:linux:plymouth-plugin-two-step, p-cpe:/a:oracle:linux:plymouth-scripts, p-cpe:/a:oracle:linux:plymouth-system-theme, p-cpe:/a:oracle:linux:plymouth-theme-charge, p-cpe:/a:oracle:linux:plymouth-theme-fade-in, p-cpe:/a:oracle:linux:plymouth-theme-script, p-cpe:/a:oracle:linux:plymouth-theme-solar, p-cpe:/a:oracle:linux:plymouth-theme-spinfinity, p-cpe:/a:oracle:linux:plymouth-theme-spinner, p-cpe:/a:oracle:linux:wayland-protocols-devel, p-cpe:/a:oracle:linux:webkit2gtk3, p-cpe:/a:oracle:linux:webkit2gtk3-devel, p-cpe:/a:oracle:linux:webkit2gtk3-jsc, p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel, p-cpe:/a:oracle:linux:webkit2gtk3-plugin-process-gtk2

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/11/14

Vulnerability Publication Date: 2019/4/22

Reference Information

CVE: CVE-2019-11459, CVE-2019-12795