Executive Summary

Summary
Title: GNOME security, bug fix, and enhancement update
Information
Name: RHSA-2019:3553
First vendor Publication: 2019-11-05
Vendor: Red Hat
Last vendor Modification: 2019-11-05
Severity (Vendor): N/A
Revision: 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 4.6
Attack Range: Local
Cvss Impact Score: 6.4
Attack Complexity: Low
Cvss Exploit Score: 3.9
Authentication: None Required

Detail

Problem Description:

An update for GNOME is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

GNOME is the default desktop environment of Red Hat Enterprise Linux.

Security Fix(es):

* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)

* gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd (CVE-2019-12795)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1662193 - [RFE] Read-Only lockdown for removable drives
1667136 - Backport rename support for desktop icons
1673011 - Appstream-data Needs refresh for RHEL 8
1674382 - Gnome session locks after login
1679127 - tweaks extensions status do not reflect reality
1680164 - gdm-screenshot doesn't work, we should drop it or fix it (or something)
1685811 - pango_fc_font_key_get_variations(key) causing crash when key is null
1687949 - [X11 Session] Pressing any Button on a Wacom Pen Tablet Buttons causes Core Dump
1690506 - [RHEL 8.1] mutter ignores multi-monitor layout defined in xorg.conf
1696708 - Rebase WebKitGTK to 2.24.2
1698520 - rebase gnome-shell to 3.32
1698884 - rebase mutter to 3.32
1698923 - rebase gjs to 3.32
1698929 - rebase gsd to 3.32
1698930 - rebase gsettings-desktop-schemas to 3.32
1704355 - Add an option to disable the hot corner
1704360 - A more traditional workspace switcher for classic mode
1704378 - Bring in disable-screenshield from RHEL7
1705583 - org.gnome.baobab.gschema.xml not valid against DTD
1706793 - circles wallpaper interferes with date and time on lockscreen
1709937 - Add "mount-removable-storage-devices-as-read-only" option
1713080 - [accountsservice] possible memory leak in Gnome
1713330 - Backport password override commit
1713453 - Rebase gnome-shell-extensions to 3.32
1713685 - Rebase wayland-protocols to 1.17
1715738 - right click on the top panel of applications does not open menu
1715761 - ugly default gnome-terminal font after gsettings-desktop-schemas update
1715765 - topicons icons are too big
1716295 - CVE-2019-11459 evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()
1716771 - Interacting with a wacom pen triggers gnome shell crashes
1718133 - control-center crashes when clicking on Map To Monitor
1719241 - rebase gnome-desktop3 to match the gnome-shell version
1719279 - JS ERROR: TypeError: this._workspacesViews[i] is undefined
1719779 - gnome-software shouldn't show the addon if the package isn't actually available in the repos
1720481 - few gnome-shell-extensions need to go to AppStream
1721195 - Applications Menu fails to replace Activities in gnome panel
1721575 - Tweaks are pointing to wrong extension page in gnome-software
1722047 - Activities and Applications Menu change position in panel randomly
1722844 - shortcut to open window picker not working properly in classic X session
1723467 - Add window thumbnails to the classic workspace switcher
1723836 - New application menu button is not available through accessibility
1724551 - gnome-shell process eat 100% CPU after resume
1725101 - no link to website in about dialog
1725107 - no screenshot in software
1725120 - confusing names
1725555 - animation: fix unintentional loop while polkit dialog is active
1725741 - Reverting workspaces to primary display only not working
1725766 - No man page for nautilus-autorun-software
1725854 - [RFE] for closing the window picker
1726093 - window list in classic session is barely visible
1726505 - CVE-2019-12795 gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd
1726656 - top-bar: Drop ApplicationMenu tweak
1728277 - Update WebKitGTK to 2.24.3
1731372 - seems the latest gnome-shell-extensions update (-9) changed gnome classic notification color
1735382 - [abrt] [faf] gnome-shell: raise(): /usr/bin/gnome-shell killed by 6
1737326 - [abrt] [faf] gnome-shell: raise(): /usr/bin/gnome-shell killed by 5
1739116 - Cannot browse SMB shares from GNOME
1739117 - Hundreds of gvfsd-trash processes are spawned when user runs Xsession/Gnome after an NFS session failed
1741547 - [abrt] [faf] gnome-shell: meta_window_actor_show(): /usr/bin/gnome-shell killed by 11

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-3553.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-754 Improper Check for Unusual or Exceptional Conditions
50 % CWE-276 Incorrect Default Permissions

CPE : Common Platform Enumeration

Type Description Count
Application 5
Application 1
Os 4
Os 3
Os 2
Os 2
Os 1
Os 4
Os 3
Os 3

Alert History

Date Information
2020-03-19 13:19:31 First insertion