RLSA-2021:1586

See a problem?
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2021:1586.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2021:1586
Related
Published
2021-05-18T05:35:26Z
Modified
2023-02-02T12:51:46.904022Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Moderate: GNOME security, bug fix, and enhancement update
Details

GNOME is the default desktop environment of Rocky Linux.

The following packages have been upgraded to a later upstream version: accountsservice (0.6.55), webkit2gtk3 (2.30.4). (BZ#1846376, BZ#1883304)

Security Fix(es):

  • webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948)

  • webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-9951)

  • webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983)

  • webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543)

  • webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13584)

  • glib2: insecure permissions for files and directories (CVE-2019-13012)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / cairomm

Package

Name
cairomm
Purl
pkg:rpm/rocky-linux/cairomm?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.12.0-8.el8

Rocky Linux:8 / accountsservice

Package

Name
accountsservice
Purl
pkg:rpm/rocky-linux/accountsservice?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.6.55-1.el8

Rocky Linux:8 / atkmm

Package

Name
atkmm
Purl
pkg:rpm/rocky-linux/atkmm?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.24.2-7.el8

Rocky Linux:8 / chrome-gnome-shell

Package

Name
chrome-gnome-shell
Purl
pkg:rpm/rocky-linux/chrome-gnome-shell?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:10.1-7.el8

Rocky Linux:8 / dleyna-core

Package

Name
dleyna-core
Purl
pkg:rpm/rocky-linux/dleyna-core?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.6.0-3.el8

Rocky Linux:8 / dleyna-server

Package

Name
dleyna-server
Purl
pkg:rpm/rocky-linux/dleyna-server?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.6.0-3.el8

Rocky Linux:8 / enchant2

Package

Name
enchant2
Purl
pkg:rpm/rocky-linux/enchant2?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.2.3-3.el8

Rocky Linux:8 / gamin

Package

Name
gamin
Purl
pkg:rpm/rocky-linux/gamin?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.1.10-32.el8

Rocky Linux:8 / gdm

Package

Name
gdm
Purl
pkg:rpm/rocky-linux/gdm?distro=rocky-linux-8-4-legacy&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.28.3-39.el8

Rocky Linux:8 / geoclue2

Package

Name
geoclue2
Purl
pkg:rpm/rocky-linux/geoclue2?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.5.5-2.el8

Rocky Linux:8 / geocode-glib

Package

Name
geocode-glib
Purl
pkg:rpm/rocky-linux/geocode-glib?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.26.0-3.el8

Rocky Linux:8 / gjs

Package

Name
gjs
Purl
pkg:rpm/rocky-linux/gjs?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.56.2-5.el8

Rocky Linux:8 / glibmm24

Package

Name
glibmm24
Purl
pkg:rpm/rocky-linux/glibmm24?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.56.0-2.el8

Rocky Linux:8 / gnome-boxes

Package

Name
gnome-boxes
Purl
pkg:rpm/rocky-linux/gnome-boxes?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.36.5-8.el8

Rocky Linux:8 / gnome-boxes

Package

Name
gnome-boxes
Purl
pkg:rpm/rocky-linux/gnome-boxes?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.36.5-8.el8.rocky.0.1

Rocky Linux:8 / gnome-control-center

Package

Name
gnome-control-center
Purl
pkg:rpm/rocky-linux/gnome-control-center?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.28.2-27.el8

Rocky Linux:8 / gnome-online-accounts

Package

Name
gnome-online-accounts
Purl
pkg:rpm/rocky-linux/gnome-online-accounts?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.28.2-2.el8

Rocky Linux:8 / gnome-photos

Package

Name
gnome-photos
Purl
pkg:rpm/rocky-linux/gnome-photos?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.28.1-4.el8

Rocky Linux:8 / gnome-settings-daemon

Package

Name
gnome-settings-daemon
Purl
pkg:rpm/rocky-linux/gnome-settings-daemon?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.32.0-14.el8

Rocky Linux:8 / gnome-shell

Package

Name
gnome-shell
Purl
pkg:rpm/rocky-linux/gnome-shell?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.32.2-30.el8

Rocky Linux:8 / gnome-software

Package

Name
gnome-software
Purl
pkg:rpm/rocky-linux/gnome-software?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.36.1-5.el8

Rocky Linux:8 / gnome-terminal

Package

Name
gnome-terminal
Purl
pkg:rpm/rocky-linux/gnome-terminal?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.28.3-3.el8

Rocky Linux:8 / gtk2

Package

Name
gtk2
Purl
pkg:rpm/rocky-linux/gtk2?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.24.32-5.el8

Rocky Linux:8 / gtk-doc

Package

Name
gtk-doc
Purl
pkg:rpm/rocky-linux/gtk-doc?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.28-3.el8

Rocky Linux:8 / gtkmm24

Package

Name
gtkmm24
Purl
pkg:rpm/rocky-linux/gtkmm24?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.24.5-6.el8

Rocky Linux:8 / gtkmm30

Package

Name
gtkmm30
Purl
pkg:rpm/rocky-linux/gtkmm30?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.22.2-3.el8

Rocky Linux:8 / gvfs

Package

Name
gvfs
Purl
pkg:rpm/rocky-linux/gvfs?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.36.2-11.el8

Rocky Linux:8 / libdazzle

Package

Name
libdazzle
Purl
pkg:rpm/rocky-linux/libdazzle?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.28.5-2.el8

Rocky Linux:8 / libepubgen

Package

Name
libepubgen
Purl
pkg:rpm/rocky-linux/libepubgen?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.1.0-3.el8

Rocky Linux:8 / libsass

Package

Name
libsass
Purl
pkg:rpm/rocky-linux/libsass?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.4.5-6.el8

Rocky Linux:8 / libsigc++20

Package

Name
libsigc++20
Purl
pkg:rpm/rocky-linux/libsigc++20?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.10.0-6.el8

Rocky Linux:8 / libvisual

Package

Name
libvisual
Purl
pkg:rpm/rocky-linux/libvisual?distro=rocky-linux-8&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.4.0-25.el8

Rocky Linux:8 / mutter

Package

Name
mutter
Purl
pkg:rpm/rocky-linux/mutter?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.32.2-57.el8

Rocky Linux:8 / nautilus

Package

Name
nautilus
Purl
pkg:rpm/rocky-linux/nautilus?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.28.1-15.el8

Rocky Linux:8 / OpenEXR

Package

Name
OpenEXR
Purl
pkg:rpm/rocky-linux/OpenEXR?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.2.0-12.el8

Rocky Linux:8 / pangomm

Package

Name
pangomm
Purl
pkg:rpm/rocky-linux/pangomm?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.40.1-6.el8

Rocky Linux:8 / soundtouch

Package

Name
soundtouch
Purl
pkg:rpm/rocky-linux/soundtouch?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0-3.el8

Rocky Linux:8 / vala

Package

Name
vala
Purl
pkg:rpm/rocky-linux/vala?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.40.19-2.el8

Rocky Linux:8 / webkit2gtk3

Package

Name
webkit2gtk3
Purl
pkg:rpm/rocky-linux/webkit2gtk3?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.30.4-1.el8

Rocky Linux:8 / woff2

Package

Name
woff2
Purl
pkg:rpm/rocky-linux/woff2?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.0.2-5.el8