Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2020:1021
HistoryApr 08, 2020 - 5:41 p.m.

LibRaw, accountsservice, colord, control, gdm, gnome, gsettings, gtk, gtk3, libcanberra, libgweather, mutter, nautilus, osinfo, shared, tracker, xchat security update

2020-04-0817:41:15
CentOS Project
lists.centos.org
125

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

4.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

5

Confidence

High

EPSS

0.001

Percentile

44.4%

JSON

CentOS Errata and Security Advisory CESA-2020:1021

GNOME is the default desktop environment of Red Hat Enterprise Linux.

Security Fix(es):

  • gnome-shell: partial lock screen bypass (CVE-2019-3820)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2021-September/086150.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032473.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032492.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032494.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032520.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032524.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032525.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032526.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032527.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032528.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032529.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032531.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032563.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032568.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032576.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032606.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032607.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032621.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032675.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032699.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032713.html

Affected packages:
LibRaw
LibRaw-devel
LibRaw-static
accountsservice
accountsservice-devel
accountsservice-libs
colord
colord-devel
colord-devel-docs
colord-extra-profiles
colord-libs
control-center
control-center-filesystem
gdm
gdm-devel
gdm-pam-extensions-devel
gnome-classic-session
gnome-online-accounts
gnome-online-accounts-devel
gnome-settings-daemon
gnome-settings-daemon-devel
gnome-shell
gnome-shell-extension-alternate-tab
gnome-shell-extension-apps-menu
gnome-shell-extension-auto-move-windows
gnome-shell-extension-common
gnome-shell-extension-dash-to-dock
gnome-shell-extension-disable-screenshield
gnome-shell-extension-drive-menu
gnome-shell-extension-extra-osk-keys
gnome-shell-extension-horizontal-workspaces
gnome-shell-extension-launch-new-instance
gnome-shell-extension-native-window-placement
gnome-shell-extension-no-hot-corner
gnome-shell-extension-panel-favorites
gnome-shell-extension-places-menu
gnome-shell-extension-screenshot-window-sizer
gnome-shell-extension-systemMonitor
gnome-shell-extension-top-icons
gnome-shell-extension-updates-dialog
gnome-shell-extension-user-theme
gnome-shell-extension-window-grouper
gnome-shell-extension-window-list
gnome-shell-extension-windowsNavigator
gnome-shell-extension-workspace-indicator
gnome-tweak-tool
gsettings-desktop-schemas
gsettings-desktop-schemas-devel
gtk-update-icon-cache
gtk3
gtk3-devel
gtk3-devel-docs
gtk3-immodule-xim
gtk3-immodules
gtk3-tests
libcanberra
libcanberra-devel
libcanberra-gtk2
libcanberra-gtk3
libgweather
libgweather-devel
mutter
mutter-devel
nautilus
nautilus-devel
nautilus-extensions
osinfo-db
shared-mime-info
tracker
tracker-devel
tracker-docs
tracker-needle
tracker-preferences
xchat
xchat-tcl

Upstream details at:
https://access.redhat.com/errata/RHSA-2020:1021

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64accountsservice< 0.6.50-7.el7accountsservice-0.6.50-7.el7.x86_64.rpm
CentOS7i686accountsservice-devel< 0.6.50-7.el7accountsservice-devel-0.6.50-7.el7.i686.rpm
CentOS7x86_64accountsservice-devel< 0.6.50-7.el7accountsservice-devel-0.6.50-7.el7.x86_64.rpm
CentOS7i686accountsservice-libs< 0.6.50-7.el7accountsservice-libs-0.6.50-7.el7.i686.rpm
CentOS7x86_64accountsservice-libs< 0.6.50-7.el7accountsservice-libs-0.6.50-7.el7.x86_64.rpm
CentOS7x86_64colord< 1.3.4-2.el7colord-1.3.4-2.el7.x86_64.rpm
CentOS7i686colord-devel< 1.3.4-2.el7colord-devel-1.3.4-2.el7.i686.rpm
CentOS7x86_64colord-devel< 1.3.4-2.el7colord-devel-1.3.4-2.el7.x86_64.rpm
CentOS7noarchcolord-devel-docs< 1.3.4-2.el7colord-devel-docs-1.3.4-2.el7.noarch.rpm
CentOS7noarchcolord-extra-profiles< 1.3.4-2.el7colord-extra-profiles-1.3.4-2.el7.noarch.rpm
Rows per page:
1-10 of 1111

Related

nessus 34
oraclelinux 1
prion 1
cve 1
redhatcve 1
alpinelinux 1
ubuntucve 1
veracode 1
cvelist 1
suse 2
debiancve 1
redhat 2
openvas 8
ubuntu 1
nvd 1
amazon 1
archlinux 1
rocky 1
osv 2
ibm 1
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : gnome-shell Vulnerability (NS-SA-2020-0066)
2020-12-09 00:00:00
Amazon Linux 2 : gnome-shell (ALAS-2020-1478)
2020-08-26 00:00:00
NewStart CGSL CORE 5.05 / MAIN 5.05 : tracker Vulnerability (NS-SA-2023-0020)
2023-04-11 00:00:00
oraclelinux
oraclelinux
GNOME security, bug fix, and enhancement update
2020-04-06 00:00:00
prion
prion
Code injection
2019-02-06 20:29:00
cve
cve
CVE-2019-3820
2019-02-06 20:29:00
redhatcve
redhatcve
CVE-2019-3820
2019-02-06 01:19:17
alpinelinux
alpinelinux
CVE-2019-3820
2019-02-06 20:29:00
ubuntucve
ubuntucve
CVE-2019-3820
2019-02-06 00:00:00
veracode
veracode
Authentication Bypass
2020-04-01 00:38:16
cvelist
cvelist
CVE-2019-3820
2019-02-06 20:00:00
suse
suse
Security update for gnome-shell (moderate)
2019-06-18 00:00:00
Security update for gnome-shell (moderate)
2019-06-07 00:00:00
debiancve
debiancve
CVE-2019-3820
2019-02-06 20:29:00
redhat
redhat
(RHSA-2020:1021) Moderate: GNOME security, bug fix, and enhancement update
2020-03-31 09:09:34
(RHSA-2019:3553) Low: GNOME security, bug fix, and enhancement update
2019-11-05 17:59:21
openvas
openvas
Huawei EulerOS: Security Advisory for gnome-shell (EulerOS-SA-2020-2547)
2020-12-15 00:00:00
Huawei EulerOS: Security Advisory for gnome-shell (EulerOS-SA-2021-1301)
2021-02-22 00:00:00
Ubuntu: Security Advisory (USN-3966-1)
2019-05-07 00:00:00
ubuntu
ubuntu
GNOME Shell vulnerability
2019-05-06 00:00:00
nvd
nvd
CVE-2019-3820
2019-02-06 20:29:00
amazon
amazon
Medium: gnome-shell
2020-08-18 19:52:00
archlinux
archlinux
[ASA-201903-3] gdm: access restriction bypass
2019-03-03 00:00:00
rocky
rocky
GNOME security, bug fix, and enhancement update
2019-11-05 17:59:21
osv
osv
Low: GNOME security, bug fix, and enhancement update
2019-11-05 17:59:21
Low: GNOME security, bug fix, and enhancement update
2019-11-05 17:59:21
ibm
ibm
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
2021-08-13 22:15:02

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

4.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

5

Confidence

High

EPSS

0.001

Percentile

44.4%

JSON
Related for CESA-2020:1021
nessus34oraclelinux1prion1cve1redhatcve1alpinelinux1ubuntucve1veracode1cvelist1suse2debiancve1redhat2openvas8ubuntu1nvd1amazon1archlinux1rocky1osv2ibm1