OESA-2026-2819

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2819
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2819.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2819
Upstream
Published
2026-07-06T06:26:34Z
Modified
2026-07-06T06:45:17.021023990Z
Summary
gnome-tour security update
Details

A guided tour and greeter for GNOME.Tour uses by default the logo of the distribution based on the info from /etc/os-release. The application comes with a feature to replace the logo with a welcome video shipped by the distribution.

Security Fix(es):

slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the getdisjointmut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround for this issue involves to avoid using getdisjointmut with indices that might be beyond the slab's actual length.(CVE-2025-55159)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:24.03-LTS-SP3 / gnome-tour

Package

Name
gnome-tour
Purl
pkg:rpm/openEuler/gnome-tour&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
44.0-2.oe2403sp3

Ecosystem specific

{
    "aarch64": [
        "gnome-tour-44.0-2.oe2403sp3.aarch64.rpm",
        "gnome-tour-debuginfo-44.0-2.oe2403sp3.aarch64.rpm",
        "gnome-tour-debugsource-44.0-2.oe2403sp3.aarch64.rpm"
    ],
    "src": [
        "gnome-tour-44.0-2.oe2403sp3.src.rpm"
    ],
    "x86_64": [
        "gnome-tour-44.0-2.oe2403sp3.x86_64.rpm",
        "gnome-tour-debuginfo-44.0-2.oe2403sp3.x86_64.rpm",
        "gnome-tour-debugsource-44.0-2.oe2403sp3.x86_64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2819.json"