Headline
Ubuntu Security Notice USN-7052-1
Ubuntu Security Notice 7052-1 - It was discovered that GNOME Shell mishandled extensions that fail to reload, possibly leading to extensions staying enabled on the lock screen. An attacker could possibly use this issue to launch applications, view sensitive information, or execute arbitrary commands. It was discovered that the GNOME Shell incorrectly handled certain keyboard inputs. An attacker could possibly use this issue to invoke keyboard shortcuts, and potentially other actions while the workstation was locked.
==========================================================================Ubuntu Security Notice USN-7052-1October 03, 2024gnome-shell vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTSSummary:Several security issues were fixed in GNOME Shell.Software Description:- gnome-shell: graphical shell for the GNOME desktopDetails:It was discovered that GNOME Shell mishandled extensions that fail toreload, possibly leading to extensions staying enabled on the lock screen.An attacker could possibly use this issue to launch applications, viewsensitive information, or execute arbitrary commands. (CVE-2017-8288)It was discovered that the GNOME Shell incorrectly handled certainkeyboard inputs. An attacker could possibly use this issue to invokekeyboard shortcuts, and potentially other actions while the workstationwas locked. (CVE-2019-3820)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS gnome-shell 3.18.5-0ubuntu0.3+esm1 Available with Ubuntu ProAfter a standard system update you need to restart your session to make allthe necessary changes.References: https://ubuntu.com/security/notices/USN-7052-1 CVE-2017-8288, CVE-2019-3820
Related news
Container-native virtualization release 2.3.0 is now available with updates to packages and images that fix several bugs and add enhancements.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-1701: virt-handler: virt-handler daemonset clusterroles allows retrieval of secrets * CVE-2020-1742: nmstate/kubernetes-nmstate-handler: /etc/passwd is given incorrect privileges