gnome-shell security update for Debian 9 'Stretch
Reporter | Title | Published | Views | Family All 38 |
---|---|---|---|---|
UbuntuCve | CVE-2020-17489 | 11 Aug 202000:00 | – | ubuntucve |
Prion | Default credentials | 11 Aug 202021:15 | – | prion |
OSV | Low: gnome-shell security and bug fix update | 10 May 202206:28 | – | osv |
OSV | Red Hat Security Advisory: gnome-shell security and bug fix update | 16 Sep 202406:41 | – | osv |
OSV | CVE-2020-17489 | 11 Aug 202021:15 | – | osv |
OSV | gnome-shell - security update | 15 Sep 202000:00 | – | osv |
OSV | Low: gnome-shell security and bug fix update | 10 May 202206:28 | – | osv |
OSV | gnome-extensions-40.5-1.1 on GA media | 15 Jun 202400:00 | – | osv |
OpenVAS | Ubuntu: Security Advisory (USN-4464-1) | 19 Aug 202000:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DLA-2374-1) | 16 Sep 202000:00 | – | openvas |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2374-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(140606);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/20");
script_cve_id("CVE-2020-17489");
script_name(english:"Debian DLA-2374-1 : gnome-shell security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It was discovered that there was an issue around revealing passwords
in the 'gnome-shell' component of the GNOME desktop.
In certain configurations, when logging out of an account the password
box from the login dialog could reappear with the password visible in
cleartext.
For Debian 9 'Stretch', this problem has been fixed in version
3.22.3-3+deb9u1.
We recommend that you upgrade your gnome-shell packages.
For the detailed security status of gnome-shell please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/gnome-shell
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/gnome-shell");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/gnome-shell");
script_set_attribute(attribute:"solution", value:
"Upgrade the affected gnome-shell, and gnome-shell-common packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-17489");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/08/11");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gnome-shell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gnome-shell-common");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"9.0", prefix:"gnome-shell", reference:"3.22.3-3+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"gnome-shell-common", reference:"3.22.3-3+deb9u1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
else security_note(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo