RHEL 8：GNOME（RHSA-2019:3553）

high Nessus プラグイン ID 130552

Language:

概要

リモートのRed Hatホストに1つ以上のセキュリティ更新プログラムがありません。

説明

GNOMEの更新プログラムが、Red Hat Enterprise Linux 8で利用可能になりました。Red Hat製品セキュリティは、この更新がセキュリティに及ぼす影響を重要度低と評価しています。詳細な重大度評価を示すCVSS（共通脆弱性評価システム）ベーススコアは、「参照」セクションのCVEリンクから脆弱性ごとに入手できます。GNOMEはRed Hat Enterprise Linuxのデフォルトのデスクトップ環境です。セキュリティ修正プログラム：* evince：関数tiff_document_render()およびtiff_document_get_thumbnail()での初期化されていないメモリ使用（CVE-2019-11459）* gvfs：gvfsdのdaemon/gvfsdaemon.c内の不適切な認証（CVE-2019-12795）影響、CVSSスコア、謝辞、その他の関連情報を含むセキュリティ問題の詳細については、「参照」セクションに記載されているCVEのページを参照してください。追加の変更：このリリースの変更に関する詳細については、「参照」セクションからリンクされているRed Hat Enterprise Linux 8.1リリースノートを参照してください。

ソリューション

影響を受けるパッケージを更新してください。

参考資料

http://www.nessus.org/u?774148ae

https://access.redhat.com/errata/RHSA-2019:3553

https://access.redhat.com/security/cve/cve-2019-11459

https://access.redhat.com/security/cve/cve-2019-12795

プラグインの詳細

深刻度: High

ID: 130552

ファイル名: redhat-RHSA-2019-3553.nasl

バージョン: 1.3

タイプ: local

エージェント: unix

ファミリー: Red Hat Local Security Checks

公開日: 2019/11/6

更新日: 2024/4/15

サポートされているセンサー: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

リスク情報

VPR

リスクファクター: Medium

スコア: 5.9

CVSS v2

リスクファクター: Medium

基本値: 4.6

現状値: 3.4

ベクトル: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS スコアのソース: CVE-2019-12795

CVSS v3

リスクファクター: High

基本値: 7.8

現状値: 6.8

ベクトル: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

現状ベクトル: CVSS:3.0/E:U/RL:O/RC:C

脆弱性情報

CPE: p-cpe:/a:redhat:enterprise_linux:gnome-control-center-filesystem, p-cpe:/a:redhat:enterprise_linux:gnome-desktop3, p-cpe:/a:redhat:enterprise_linux:gnome-desktop3-debuginfo, p-cpe:/a:redhat:enterprise_linux:gnome-desktop3-debugsource, p-cpe:/a:redhat:enterprise_linux:gnome-desktop3-devel, p-cpe:/a:redhat:enterprise_linux:gnome-desktop3-tests-debuginfo, p-cpe:/a:redhat:enterprise_linux:gnome-remote-desktop, p-cpe:/a:redhat:enterprise_linux:gnome-remote-desktop-debuginfo, p-cpe:/a:redhat:enterprise_linux:gnome-remote-desktop-debugsource, p-cpe:/a:redhat:enterprise_linux:gnome-settings-daemon, p-cpe:/a:redhat:enterprise_linux:gnome-settings-daemon-debuginfo, p-cpe:/a:redhat:enterprise_linux:gnome-settings-daemon-debugsource, p-cpe:/a:redhat:enterprise_linux:gnome-shell, p-cpe:/a:redhat:enterprise_linux:gnome-shell-debuginfo, p-cpe:/a:redhat:enterprise_linux:gnome-shell-debugsource, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-apps-menu, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-auto-move-windows, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-common, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-dash-to-dock, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-desktop-icons, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-disable-screenshield, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-drive-menu, p-cpe:/a:redhat:enterprise_linux:sdl, p-cpe:/a:redhat:enterprise_linux:sdl-debuginfo, p-cpe:/a:redhat:enterprise_linux:sdl-debugsource, p-cpe:/a:redhat:enterprise_linux:sdl-devel, p-cpe:/a:redhat:enterprise_linux:accountsservice, p-cpe:/a:redhat:enterprise_linux:accountsservice-debuginfo, p-cpe:/a:redhat:enterprise_linux:accountsservice-debugsource, p-cpe:/a:redhat:enterprise_linux:accountsservice-devel, p-cpe:/a:redhat:enterprise_linux:accountsservice-libs, p-cpe:/a:redhat:enterprise_linux:accountsservice-libs-debuginfo, p-cpe:/a:redhat:enterprise_linux:appstream-data, p-cpe:/a:redhat:enterprise_linux:baobab, p-cpe:/a:redhat:enterprise_linux:baobab-debuginfo, p-cpe:/a:redhat:enterprise_linux:baobab-debugsource, p-cpe:/a:redhat:enterprise_linux:chrome-gnome-shell, p-cpe:/a:redhat:enterprise_linux:evince, p-cpe:/a:redhat:enterprise_linux:evince-browser-plugin, p-cpe:/a:redhat:enterprise_linux:evince-browser-plugin-debuginfo, p-cpe:/a:redhat:enterprise_linux:evince-debuginfo, p-cpe:/a:redhat:enterprise_linux:evince-debugsource, p-cpe:/a:redhat:enterprise_linux:evince-libs, p-cpe:/a:redhat:enterprise_linux:evince-libs-debuginfo, p-cpe:/a:redhat:enterprise_linux:evince-nautilus, p-cpe:/a:redhat:enterprise_linux:evince-nautilus-debuginfo, p-cpe:/a:redhat:enterprise_linux:file-roller, p-cpe:/a:redhat:enterprise_linux:file-roller-debuginfo, p-cpe:/a:redhat:enterprise_linux:file-roller-debugsource, p-cpe:/a:redhat:enterprise_linux:finch-debuginfo, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-debuginfo, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-debugsource, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-devel, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-devel-debuginfo, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-modules, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-modules-debuginfo, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-tests-debuginfo, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-xlib, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-xlib-debuginfo, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf2-xlib-devel, p-cpe:/a:redhat:enterprise_linux:gdm, p-cpe:/a:redhat:enterprise_linux:gdm-debuginfo, p-cpe:/a:redhat:enterprise_linux:gdm-debugsource, p-cpe:/a:redhat:enterprise_linux:gjs, p-cpe:/a:redhat:enterprise_linux:gjs-debuginfo, p-cpe:/a:redhat:enterprise_linux:gjs-debugsource, p-cpe:/a:redhat:enterprise_linux:gjs-devel, p-cpe:/a:redhat:enterprise_linux:gjs-tests-debuginfo, p-cpe:/a:redhat:enterprise_linux:gnome-classic-session, p-cpe:/a:redhat:enterprise_linux:gnome-control-center, p-cpe:/a:redhat:enterprise_linux:gnome-control-center-debuginfo, p-cpe:/a:redhat:enterprise_linux:gnome-control-center-debugsource, p-cpe:/a:redhat:enterprise_linux:gnome-software, p-cpe:/a:redhat:enterprise_linux:gnome-software-debuginfo, p-cpe:/a:redhat:enterprise_linux:gnome-software-debugsource, p-cpe:/a:redhat:enterprise_linux:gnome-software-editor, p-cpe:/a:redhat:enterprise_linux:gnome-software-editor-debuginfo, p-cpe:/a:redhat:enterprise_linux:gnome-tweaks, p-cpe:/a:redhat:enterprise_linux:gsettings-desktop-schemas, p-cpe:/a:redhat:enterprise_linux:gsettings-desktop-schemas-devel, p-cpe:/a:redhat:enterprise_linux:gtk-update-icon-cache, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-horizontal-workspaces, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-launch-new-instance, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-native-window-placement, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-no-hot-corner, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-panel-favorites, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-places-menu, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-screenshot-window-sizer, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-systemmonitor, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-top-icons, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-updates-dialog, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-user-theme, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-window-grouper, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-window-list, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-windowsnavigator, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-workspace-indicator, p-cpe:/a:redhat:enterprise_linux:gtk-update-icon-cache-debuginfo, p-cpe:/a:redhat:enterprise_linux:gtk3, p-cpe:/a:redhat:enterprise_linux:gtk3-debuginfo, p-cpe:/a:redhat:enterprise_linux:gtk3-debugsource, p-cpe:/a:redhat:enterprise_linux:gtk3-devel, p-cpe:/a:redhat:enterprise_linux:gtk3-devel-debuginfo, p-cpe:/a:redhat:enterprise_linux:gtk3-immodule-xim, p-cpe:/a:redhat:enterprise_linux:gtk3-immodule-xim-debuginfo, p-cpe:/a:redhat:enterprise_linux:gtk3-immodules-debuginfo, p-cpe:/a:redhat:enterprise_linux:gtk3-tests-debuginfo, p-cpe:/a:redhat:enterprise_linux:gvfs, p-cpe:/a:redhat:enterprise_linux:gvfs-afc, p-cpe:/a:redhat:enterprise_linux:gvfs-afc-debuginfo, p-cpe:/a:redhat:enterprise_linux:gvfs-afp, p-cpe:/a:redhat:enterprise_linux:gvfs-afp-debuginfo, p-cpe:/a:redhat:enterprise_linux:gvfs-archive, p-cpe:/a:redhat:enterprise_linux:gvfs-archive-debuginfo, p-cpe:/a:redhat:enterprise_linux:gvfs-client, p-cpe:/a:redhat:enterprise_linux:gvfs-client-debuginfo, p-cpe:/a:redhat:enterprise_linux:gvfs-debuginfo, p-cpe:/a:redhat:enterprise_linux:gvfs-debugsource, p-cpe:/a:redhat:enterprise_linux:gvfs-devel, p-cpe:/a:redhat:enterprise_linux:gvfs-fuse, p-cpe:/a:redhat:enterprise_linux:gvfs-fuse-debuginfo, p-cpe:/a:redhat:enterprise_linux:gvfs-goa, p-cpe:/a:redhat:enterprise_linux:gvfs-goa-debuginfo, p-cpe:/a:redhat:enterprise_linux:gvfs-gphoto2, p-cpe:/a:redhat:enterprise_linux:gvfs-gphoto2-debuginfo, p-cpe:/a:redhat:enterprise_linux:gvfs-mtp, p-cpe:/a:redhat:enterprise_linux:gvfs-mtp-debuginfo, p-cpe:/a:redhat:enterprise_linux:gvfs-smb, p-cpe:/a:redhat:enterprise_linux:gvfs-smb-debuginfo, p-cpe:/a:redhat:enterprise_linux:libpurple, p-cpe:/a:redhat:enterprise_linux:libpurple-debuginfo, p-cpe:/a:redhat:enterprise_linux:libpurple-devel, p-cpe:/a:redhat:enterprise_linux:libpurple-perl-debuginfo, p-cpe:/a:redhat:enterprise_linux:libpurple-tcl-debuginfo, p-cpe:/a:redhat:enterprise_linux:mozjs60, p-cpe:/a:redhat:enterprise_linux:mozjs60-debuginfo, p-cpe:/a:redhat:enterprise_linux:mozjs60-debugsource, p-cpe:/a:redhat:enterprise_linux:mozjs60-devel, p-cpe:/a:redhat:enterprise_linux:mutter, p-cpe:/a:redhat:enterprise_linux:mutter-debuginfo, p-cpe:/a:redhat:enterprise_linux:mutter-debugsource, p-cpe:/a:redhat:enterprise_linux:mutter-devel, p-cpe:/a:redhat:enterprise_linux:mutter-tests-debuginfo, p-cpe:/a:redhat:enterprise_linux:nautilus, p-cpe:/a:redhat:enterprise_linux:nautilus-debuginfo, p-cpe:/a:redhat:enterprise_linux:nautilus-debugsource, p-cpe:/a:redhat:enterprise_linux:nautilus-devel, p-cpe:/a:redhat:enterprise_linux:nautilus-extensions, p-cpe:/a:redhat:enterprise_linux:nautilus-extensions-debuginfo, p-cpe:/a:redhat:enterprise_linux:pango, p-cpe:/a:redhat:enterprise_linux:pango-debuginfo, p-cpe:/a:redhat:enterprise_linux:pango-debugsource, p-cpe:/a:redhat:enterprise_linux:pango-devel, p-cpe:/a:redhat:enterprise_linux:pango-tests-debuginfo, p-cpe:/a:redhat:enterprise_linux:pidgin, p-cpe:/a:redhat:enterprise_linux:pidgin-debuginfo, p-cpe:/a:redhat:enterprise_linux:pidgin-debugsource, p-cpe:/a:redhat:enterprise_linux:pidgin-devel, p-cpe:/a:redhat:enterprise_linux:pidgin-perl-debuginfo, p-cpe:/a:redhat:enterprise_linux:plymouth, p-cpe:/a:redhat:enterprise_linux:plymouth-core-libs, p-cpe:/a:redhat:enterprise_linux:plymouth-core-libs-debuginfo, p-cpe:/a:redhat:enterprise_linux:plymouth-debuginfo, p-cpe:/a:redhat:enterprise_linux:plymouth-debugsource, p-cpe:/a:redhat:enterprise_linux:plymouth-devel-debuginfo, p-cpe:/a:redhat:enterprise_linux:plymouth-graphics-libs, p-cpe:/a:redhat:enterprise_linux:plymouth-graphics-libs-debuginfo, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-fade-throbber, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-fade-throbber-debuginfo, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-label, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-label-debuginfo, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-script, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-script-debuginfo, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-space-flares, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-space-flares-debuginfo, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-throbgress, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-throbgress-debuginfo, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-two-step, p-cpe:/a:redhat:enterprise_linux:plymouth-plugin-two-step-debuginfo, p-cpe:/a:redhat:enterprise_linux:plymouth-scripts, p-cpe:/a:redhat:enterprise_linux:plymouth-system-theme, p-cpe:/a:redhat:enterprise_linux:plymouth-theme-charge, p-cpe:/a:redhat:enterprise_linux:plymouth-theme-fade-in, p-cpe:/a:redhat:enterprise_linux:plymouth-theme-script, p-cpe:/a:redhat:enterprise_linux:plymouth-theme-solar, p-cpe:/a:redhat:enterprise_linux:plymouth-theme-spinfinity, p-cpe:/a:redhat:enterprise_linux:plymouth-theme-spinner, p-cpe:/a:redhat:enterprise_linux:wayland-protocols-devel, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-debuginfo, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-debugsource, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel-debuginfo, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-debuginfo, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel-debuginfo, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-plugin-process-gtk2, p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-plugin-process-gtk2-debuginfo, cpe:/o:redhat:enterprise_linux:8

必要な KB アイテム: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

エクスプロイトの容易さ: No known exploits are available

パッチ公開日: 2019/11/5

脆弱性公開日: 2019/4/22

参照情報

CVE: CVE-2019-11459, CVE-2019-12795

RHSA: 2019:3553