Search...

openSUSE Security Update : gnome-settings-daemon (openSUSE-SU-2014:1348-1)

2014-11-04T00:00:00

ID OPENSUSE-2014-615.NASL
Type nessus
Reporter This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2014-11-04T00:00:00

Description

Add gnome-settings-daemon-no-lockscreen-screenshot.patch :

media-keys: Disallow screenshots when locked (boo#900031, bgo#737456, CVE-2014-7300).

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-615.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(78836);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-7300");

  script_name(english:"openSUSE Security Update : gnome-settings-daemon (openSUSE-SU-2014:1348-1)");
  script_summary(english:"Check for the openSUSE-2014-615 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Add 
gnome-settings-daemon-no-lockscreen-screenshot.patch :

  + media-keys: Disallow screenshots when locked
    (boo#900031, bgo#737456, CVE-2014-7300)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=900031"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-11/msg00005.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected gnome-settings-daemon packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-settings-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-settings-daemon-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-settings-daemon-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-settings-daemon-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-settings-daemon-lang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"gnome-settings-daemon-3.10.3-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"gnome-settings-daemon-debuginfo-3.10.3-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"gnome-settings-daemon-debugsource-3.10.3-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"gnome-settings-daemon-devel-3.10.3-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"gnome-settings-daemon-lang-3.10.3-24.1") ) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-settings-daemon / gnome-settings-daemon-debuginfo / etc");
}

JSON Vulners Source

Initial Source

{"id": "OPENSUSE-2014-615.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : gnome-settings-daemon (openSUSE-SU-2014:1348-1)", "description": " - Add \ngnome-settings-daemon-no-lockscreen-screenshot.patch :\n\n + media-keys: Disallow screenshots when locked\n (boo#900031, bgo#737456, CVE-2014-7300).", "published": "2014-11-04T00:00:00", "modified": "2014-11-04T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/78836", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=900031", "https://lists.opensuse.org/opensuse-updates/2014-11/msg00005.html"], "cvelist": ["CVE-2014-7300"], "type": "nessus", "lastseen": "2021-01-20T12:28:00", "edition": 18, "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-7300"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310868412", "OPENVAS:1361412562310871322", "OPENVAS:1361412562310123171"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-0535"]}, {"type": "redhat", "idList": ["RHSA-2015:0535"]}, {"type": "centos", "idList": ["CESA-2015:0535"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2015-0535.NASL", "SUSE_SU-2015-0515-1.NASL", "SL_20150305_GNOME_SHELL_ON_SL7_X.NASL", "CENTOS_RHSA-2015-0535.NASL", "ORACLELINUX_ELSA-2015-0535.NASL", "FEDORA_2014-12690.NASL"]}, {"type": "fedora", "idList": ["FEDORA:97F5060E5215"]}], "modified": "2021-01-20T12:28:00", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-01-20T12:28:00", "rev": 2}, "vulnersScore": 5.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-615.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78836);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-7300\");\n\n script_name(english:\"openSUSE Security Update : gnome-settings-daemon (openSUSE-SU-2014:1348-1)\");\n script_summary(english:\"Check for the openSUSE-2014-615 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add \ngnome-settings-daemon-no-lockscreen-screenshot.patch :\n\n + media-keys: Disallow screenshots when locked\n (boo#900031, bgo#737456, CVE-2014-7300).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=900031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-11/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-settings-daemon packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-settings-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-settings-daemon-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-settings-daemon-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-settings-daemon-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gnome-settings-daemon-3.10.3-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gnome-settings-daemon-debuginfo-3.10.3-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gnome-settings-daemon-debugsource-3.10.3-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gnome-settings-daemon-devel-3.10.3-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gnome-settings-daemon-lang-3.10.3-24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-settings-daemon / gnome-settings-daemon-debuginfo / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "78836", "cpe": ["p-cpe:/a:novell:opensuse:gnome-settings-daemon-debuginfo", "p-cpe:/a:novell:opensuse:gnome-settings-daemon-debugsource", "p-cpe:/a:novell:opensuse:gnome-settings-daemon-devel", "p-cpe:/a:novell:opensuse:gnome-settings-daemon", "p-cpe:/a:novell:opensuse:gnome-settings-daemon-lang", "cpe:/o:novell:opensuse:13.1"], "scheme": null, "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T06:14:34", "description": "GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.", "edition": 4, "cvss3": {}, "published": "2014-12-25T21:59:00", "title": "CVE-2014-7300", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7300"], "modified": "2016-08-31T15:08:00", "cpe": ["cpe:/a:gnome:gnome-shell:3.14.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0"], "id": "CVE-2014-7300", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7300", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:gnome:gnome-shell:3.14.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:37:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7300"], "description": "Check the version of gnome-shell", "modified": "2019-03-15T00:00:00", "published": "2014-10-19T00:00:00", "id": "OPENVAS:1361412562310868412", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868412", "type": "openvas", "title": "Fedora Update for gnome-shell FEDORA-2014-12690", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-shell FEDORA-2014-12690\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868412\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-19 05:57:38 +0200 (Sun, 19 Oct 2014)\");\n script_cve_id(\"CVE-2014-7300\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for gnome-shell FEDORA-2014-12690\");\n script_tag(name:\"summary\", value:\"Check the version of gnome-shell\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gnome-shell on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-12690\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141115.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-shell\", rpm:\"gnome-shell~3.10.4~9.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7300"], "description": "Oracle Linux Local Security Checks ELSA-2015-0535", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123171", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0535", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0535.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123171\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:16 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0535\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0535 - GNOME Shell security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0535\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0535.html\");\n script_cve_id(\"CVE-2014-7300\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"clutter\", rpm:\"clutter~1.14.4~12.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"clutter-devel\", rpm:\"clutter-devel~1.14.4~12.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"clutter-doc\", rpm:\"clutter-doc~1.14.4~12.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cogl\", rpm:\"cogl~1.14.0~6.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cogl-devel\", rpm:\"cogl-devel~1.14.0~6.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cogl-doc\", rpm:\"cogl-doc~1.14.0~6.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnome-shell\", rpm:\"gnome-shell~3.8.4~45.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnome-shell-browser-plugin\", rpm:\"gnome-shell-browser-plugin~3.8.4~45.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mutter\", rpm:\"mutter~3.8.4~16.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mutter-devel\", rpm:\"mutter-devel~3.8.4~16.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7300"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-03-06T00:00:00", "id": "OPENVAS:1361412562310871322", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871322", "type": "openvas", "title": "RedHat Update for GNOME Shell RHSA-2015:0535-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for GNOME Shell RHSA-2015:0535-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871322\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-06 06:49:02 +0100 (Fri, 06 Mar 2015)\");\n script_cve_id(\"CVE-2014-7300\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for GNOME Shell RHSA-2015:0535-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GNOME Shell'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"GNOME Shell and the packages it depends upon provide the core user\ninterface of the Red Hat Enterprise Linux desktop, including functions such\nas navigating between windows and launching applications.\n\nIt was found that the GNOME shell did not disable the Print Screen key when\nthe screen was locked. This could allow an attacker with physical access to\na system with a locked screen to crash the screen-locking application by\ncreating a large amount of screenshots. (CVE-2014-7300)\n\nThis update also fixes the following bugs:\n\n * The Timed Login feature, which automatically logs in a specified user\nafter a specified period of time, stopped working after the first user of\nthe GUI logged out. This has been fixed, and the specified user is always\nlogged in if no one else logs in. (BZ#1043571)\n\n * If two monitors were arranged vertically with the secondary monitor above\nthe primary monitor, it was impossible to move windows onto the secondary\nmonitor. With this update, windows can be moved through the upper edge of\nthe first monitor to the secondary monitor. (BZ#1075240)\n\n * If the Gnome Display Manager (GDM) user list was disabled and a user\nentered the user name, the password prompt did not appear. Instead, the\nuser had to enter the user name one more time. The GDM code that contained\nthis error has been fixed, and users can enter their user names and\npasswords as expected. (BZ#1109530)\n\n * Prior to this update, only a small area was available on the GDM login\nscreen for a custom text banner. As a consequence, when a long banner was\nused, it did not fit into the area, and the person reading the banner had\nto use scrollbars to view the whole text. With this update, more space is\nused for the banner if necessary, which allows the user to read the message\nconveniently. (BZ#1110036)\n\n * When the Cancel button was pressed while an LDAP user name and password\nwas being validated, the GDM code did not handle the situation correctly.\nAs a consequence, GDM became unresponsive, and it was impossible to return\nto the login screen. The affected code has been fixed, and LDAP user\nvalidation can be canceled, allowing another user to log in instead.\n(BZ#1137041)\n\n * If the window focus mode in GNOME was set to 'mouse' or 'sloppy',\nnavigating through areas of a pop-up menu displayed outside its parent\nwindow caused the window to lose its focus. Consequently, the menu was not\nusable. This has been fixed, and the window focus is kept in under this\nscenario. (BZ#1149585)\n\n * If user authentication is configured to require a smart card to log in,\nuser names are obtained from the smart card. The a ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"GNOME Shell on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0535-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00009.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"clutter\", rpm:\"clutter~1.14.4~12.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clutter-debuginfo\", rpm:\"clutter-debuginfo~1.14.4~12.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cogl\", rpm:\"cogl~1.14.0~6.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cogl-debuginfo\", rpm:\"cogl-debuginfo~1.14.0~6.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-shell\", rpm:\"gnome-shell~3.8.4~45.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-shell-debuginfo\", rpm:\"gnome-shell-debuginfo~3.8.4~45.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mutter\", rpm:\"mutter~3.8.4~16.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mutter-debuginfo\", rpm:\"mutter-debuginfo~3.8.4~16.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:02", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7300"], "description": "clutter\n[1.14.4-12]\n- Include upstream patch to prevent a crash when hitting hardware limits\n Resolves: rhbz#1115162\n[1.14.4-11]\n- Fix a typo in the Requires\n[1.14.4-10]\n- Add patch for quadbuffer stereo suppport\n Resolves: rhbz#1108891\ncogl\n[1.14.1-6]\n- Add patches for quadbuffer stereo suppport\n Resolves: rhbz#1108890\n[1.14.0-5.2]\n- Ensure the glBlitFramebuffer case is not hit for swrast, since that's\n still broken.\ngnome-shell\n[3.8.4-45]\n- Don't inform GDM about session changes that came from GDM\n Resolves: #1163474\n[3.8.4-44]\n- If password authentication is disabled and smartcard authentication is\n enabled and smartcard isn't plugged in at start up, prompt user for\n smartcard\n Resolves: #1159385\n[3.8.4-43]\n- Support long login banner messages more effectively\n Resolves: #1110036\n[3.8.4-42]\n- Respect disk-writes lockdown setting\n Resolves: rhbz#1154122\n[3.8.4-41]\n- Disallow consecutive screenshot requests to avoid an OOM situation\n Resolves: rhbz#1154107\n[3.8.4-41]\n- Add option to limit app switcher to current workspace\n Resolves: rhbz#1101568\n[3.8.4-40]\n- Try harder to use the default calendar application\n Resolves: rhbz#1052201\n[3.8.4-40]\n- Update workspace switcher fix\n Resolves: rhbz#1092102\n[3.8.4-39]\n- Validate screenshot parameters\n Resolves: rhbz#1104694\n[3.8.4-38]\n- Fix shrinking workspace switcher\n Resolves: rhbz#1092102\n[3.8.4-38]\n- Update fix for vertical monitor layouts to upstream fix\n Resolves: rhbz#1075240\n[3.8.4-38]\n- Fix traceback introduced in 3.8.4-36 when unlocking via\n user switcher\n Related: #1101333\n[3.8.4-37]\n- Fix problems with LDAP and disable-user-list=TRUE\n Resolves: rhbz#1137041\n[3.8.4-36]\n- Fix login screen focus issue following idle\n Resolves: rhbz#1101333\n[3.8.4-35]\n- Disallow cancel from login screen before login attempt\n has been initiated.\n Resolves: rhbz#1109530\n[3.8.4-34]\n- Disallow cancel from login screen after login is already\n commencing.\n Resolves: rhbz#1079294\n[3.8.4-33]\n- Add a patch for quadbuffer stereo suppport\n Resolves: rhbz#1108893\nmutter\n[3.8.4.16]\n- Fix window placement regression\n Resolves: rhbz#1153641\n[3.8.4-15]\n- Fix delayed mouse mode\n Resolves: rhbz#1149585\n[3.8.4-14]\n- Preserve window placement on monitor changes\n Resolves: rhbz#1126754\n[3.8.4-13]\n- Improve handling of vertical monitor layouts\n Resolves: rhbz#1108322\n[3.8.4-13]\n- Add patches for quadbuffer stereo suppport\n Fix a bad performance problem drawing window thumbnails\n Resolves: rhbz#861507", "edition": 4, "modified": "2015-03-11T00:00:00", "published": "2015-03-11T00:00:00", "id": "ELSA-2015-0535", "href": "http://linux.oracle.com/errata/ELSA-2015-0535.html", "title": "GNOME Shell security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:37", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7300"], "description": "GNOME Shell and the packages it depends upon provide the core user interface of\nthe Red Hat Enterprise Linux desktop, including functions such as navigating\nbetween windows and launching applications.\n\nIt was found that the GNOME shell did not disable the Print Screen key when the\nscreen was locked. This could allow an attacker with physical access to a system\nwith a locked screen to crash the screen-locking application by creating a large\namount of screenshots. (CVE-2014-7300)\n\nThis update also fixes the following bugs:\n\n* The Timed Login feature, which automatically logs in a specified user after a\nspecified period of time, stopped working after the first user of the GUI logged\nout. This has been fixed, and the specified user is always logged in if no one\nelse logs in. (BZ#1043571)\n\n* If two monitors were arranged vertically with the secondary monitor above the\nprimary monitor, it was impossible to move windows onto the secondary monitor.\nWith this update, windows can be moved through the upper edge of the first\nmonitor to the secondary monitor. (BZ#1075240)\n\n* If the Gnome Display Manager (GDM) user list was disabled and a user entered\nthe user name, the password prompt did not appear. Instead, the user had to\nenter the user name one more time. The GDM code that contained this error has\nbeen fixed, and users can enter their user names and passwords as expected.\n(BZ#1109530)\n\n* Prior to this update, only a small area was available on the GDM login screen\nfor a custom text banner. As a consequence, when a long banner was used, it did\nnot fit into the area, and the person reading the banner had to use scrollbars\nto view the whole text. With this update, more space is used for the banner if\nnecessary, which allows the user to read the message conveniently. (BZ#1110036)\n\n* When the Cancel button was pressed while an LDAP user name and password was\nbeing validated, the GDM code did not handle the situation correctly. As a\nconsequence, GDM became unresponsive, and it was impossible to return to the\nlogin screen. The affected code has been fixed, and LDAP user validation can be\ncanceled, allowing another user to log in instead. (BZ#1137041)\n\n* If the window focus mode in GNOME was set to \"mouse\" or \"sloppy\", navigating\nthrough areas of a pop-up menu displayed outside its parent window caused the\nwindow to lose its focus. Consequently, the menu was not usable. This has been\nfixed, and the window focus is kept in under this scenario. (BZ#1149585)\n\n* If user authentication is configured to require a smart card to log in, user\nnames are obtained from the smart card. The authentication is then performed by\nentering the smart card PIN. Prior to this update, the login screen allowed a\nuser name to be entered if no smart card was inserted, but due to a bug in the\nunderlying code, the screen became unresponsive. If, on the other hand, a smart\ncard was used for authentication, the user was logged in as soon as the\nauthentication was complete. As a consequence, it was impossible to select a\nsession other than GNOME Classic. Both of these problems have been fixed. Now, a\nsmart card is required when this type of authentication is enabled, and any\nother installed session can be selected by the user. (BZ#1159385, BZ#1163474)\n\nIn addition, this update adds the following enhancement:\n\n* Support for quad-buffer OpenGL stereo visuals has been added. As a result,\nOpenGL applications that use quad-buffer stereo can be run and properly\ndisplayed within the GNOME desktop when used with a video driver and hardware\nwith the necessary capabilities. (BZ#861507, BZ#1108890, BZ#1108891, BZ#1108893)\n\nAll GNOME Shell users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this enhancement.\n", "modified": "2018-04-12T03:32:38", "published": "2015-03-05T05:00:00", "id": "RHSA-2015:0535", "href": "https://access.redhat.com/errata/RHSA-2015:0535", "type": "redhat", "title": "(RHSA-2015:0535) Low: GNOME Shell security, bug fix, and enhancement update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:48", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7300"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0535\n\n\nGNOME Shell and the packages it depends upon provide the core user interface of\nthe Red Hat Enterprise Linux desktop, including functions such as navigating\nbetween windows and launching applications.\n\nIt was found that the GNOME shell did not disable the Print Screen key when the\nscreen was locked. This could allow an attacker with physical access to a system\nwith a locked screen to crash the screen-locking application by creating a large\namount of screenshots. (CVE-2014-7300)\n\nThis update also fixes the following bugs:\n\n* The Timed Login feature, which automatically logs in a specified user after a\nspecified period of time, stopped working after the first user of the GUI logged\nout. This has been fixed, and the specified user is always logged in if no one\nelse logs in. (BZ#1043571)\n\n* If two monitors were arranged vertically with the secondary monitor above the\nprimary monitor, it was impossible to move windows onto the secondary monitor.\nWith this update, windows can be moved through the upper edge of the first\nmonitor to the secondary monitor. (BZ#1075240)\n\n* If the Gnome Display Manager (GDM) user list was disabled and a user entered\nthe user name, the password prompt did not appear. Instead, the user had to\nenter the user name one more time. The GDM code that contained this error has\nbeen fixed, and users can enter their user names and passwords as expected.\n(BZ#1109530)\n\n* Prior to this update, only a small area was available on the GDM login screen\nfor a custom text banner. As a consequence, when a long banner was used, it did\nnot fit into the area, and the person reading the banner had to use scrollbars\nto view the whole text. With this update, more space is used for the banner if\nnecessary, which allows the user to read the message conveniently. (BZ#1110036)\n\n* When the Cancel button was pressed while an LDAP user name and password was\nbeing validated, the GDM code did not handle the situation correctly. As a\nconsequence, GDM became unresponsive, and it was impossible to return to the\nlogin screen. The affected code has been fixed, and LDAP user validation can be\ncanceled, allowing another user to log in instead. (BZ#1137041)\n\n* If the window focus mode in GNOME was set to \"mouse\" or \"sloppy\", navigating\nthrough areas of a pop-up menu displayed outside its parent window caused the\nwindow to lose its focus. Consequently, the menu was not usable. This has been\nfixed, and the window focus is kept in under this scenario. (BZ#1149585)\n\n* If user authentication is configured to require a smart card to log in, user\nnames are obtained from the smart card. The authentication is then performed by\nentering the smart card PIN. Prior to this update, the login screen allowed a\nuser name to be entered if no smart card was inserted, but due to a bug in the\nunderlying code, the screen became unresponsive. If, on the other hand, a smart\ncard was used for authentication, the user was logged in as soon as the\nauthentication was complete. As a consequence, it was impossible to select a\nsession other than GNOME Classic. Both of these problems have been fixed. Now, a\nsmart card is required when this type of authentication is enabled, and any\nother installed session can be selected by the user. (BZ#1159385, BZ#1163474)\n\nIn addition, this update adds the following enhancement:\n\n* Support for quad-buffer OpenGL stereo visuals has been added. As a result,\nOpenGL applications that use quad-buffer stereo can be run and properly\ndisplayed within the GNOME desktop when used with a video driver and hardware\nwith the necessary capabilities. (BZ#861507, BZ#1108890, BZ#1108891, BZ#1108893)\n\nAll GNOME Shell users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this enhancement.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/007708.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/007709.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/007765.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/007888.html\n\n**Affected packages:**\nclutter\nclutter-devel\nclutter-doc\ncogl\ncogl-devel\ncogl-doc\ngnome-shell\ngnome-shell-browser-plugin\nmutter\nmutter-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0535.html", "edition": 83, "modified": "2015-03-17T13:29:09", "published": "2015-03-17T13:27:42", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-March/007708.html", "id": "CESA-2015:0535", "title": "clutter, cogl, gnome, mutter security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:30:04", "description": "Updated gnome-shell, mutter, clutter, and cogl packages that fix one\nsecurity issue, several bugs, and add one enhancement are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in\nthe References section.\n\nGNOME Shell and the packages it depends upon provide the core user\ninterface of the Red Hat Enterprise Linux desktop, including functions\nsuch as navigating between windows and launching applications.\n\nIt was found that the GNOME shell did not disable the Print Screen key\nwhen the screen was locked. This could allow an attacker with physical\naccess to a system with a locked screen to crash the screen-locking\napplication by creating a large amount of screenshots. (CVE-2014-7300)\n\nThis update also fixes the following bugs :\n\n* The Timed Login feature, which automatically logs in a specified\nuser after a specified period of time, stopped working after the first\nuser of the GUI logged out. This has been fixed, and the specified\nuser is always logged in if no one else logs in. (BZ#1043571)\n\n* If two monitors were arranged vertically with the secondary monitor\nabove the primary monitor, it was impossible to move windows onto the\nsecondary monitor. With this update, windows can be moved through the\nupper edge of the first monitor to the secondary monitor. (BZ#1075240)\n\n* If the Gnome Display Manager (GDM) user list was disabled and a user\nentered the user name, the password prompt did not appear. Instead,\nthe user had to enter the user name one more time. The GDM code that\ncontained this error has been fixed, and users can enter their user\nnames and passwords as expected. (BZ#1109530)\n\n* Prior to this update, only a small area was available on the GDM\nlogin screen for a custom text banner. As a consequence, when a long\nbanner was used, it did not fit into the area, and the person reading\nthe banner had to use scrollbars to view the whole text. With this\nupdate, more space is used for the banner if necessary, which allows\nthe user to read the message conveniently. (BZ# 1110036)\n\n* When the Cancel button was pressed while an LDAP user name and\npassword was being validated, the GDM code did not handle the\nsituation correctly. As a consequence, GDM became unresponsive, and it\nwas impossible to return to the login screen. The affected code has\nbeen fixed, and LDAP user validation can be canceled, allowing another\nuser to log in instead. (BZ#1137041)\n\n* If the window focus mode in GNOME was set to 'mouse' or 'sloppy',\nnavigating through areas of a pop-up menu displayed outside its parent\nwindow caused the window to lose its focus. Consequently, the menu was\nnot usable. This has been fixed, and the window focus is kept in under\nthis scenario. (BZ#1149585)\n\n* If user authentication is configured to require a smart card to log\nin, user names are obtained from the smart card. The authentication is\nthen performed by entering the smart card PIN. Prior to this update,\nthe login screen allowed a user name to be entered if no smart card\nwas inserted, but due to a bug in the underlying code, the screen\nbecame unresponsive. If, on the other hand, a smart card was used for\nauthentication, the user was logged in as soon as the authentication\nwas complete. As a consequence, it was impossible to select a session\nother than GNOME Classic. Both of these problems have been fixed. Now,\na smart card is required when this type of authentication is enabled,\nand any other installed session can be selected by the user.\n(BZ#1159385, BZ# 1163474)\n\nIn addition, this update adds the following enhancement :\n\n* Support for quad-buffer OpenGL stereo visuals has been added. As a\nresult, OpenGL applications that use quad-buffer stereo can be run and\nproperly displayed within the GNOME desktop when used with a video\ndriver and hardware with the necessary capabilities. (BZ#861507,\nBZ#1108890, BZ#1108891, BZ# 1108893)\n\nAll GNOME Shell users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement.", "edition": 27, "published": "2015-03-18T00:00:00", "title": "CentOS 7 : clutter / cogl / gnome-shell / mutter (CESA-2015:0535)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7300"], "modified": "2015-03-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:cogl-devel", "p-cpe:/a:centos:centos:cogl", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:mutter", "p-cpe:/a:centos:centos:clutter-doc", "p-cpe:/a:centos:centos:gnome-shell", "p-cpe:/a:centos:centos:gnome-shell-browser-plugin", "p-cpe:/a:centos:centos:cogl-doc", "p-cpe:/a:centos:centos:clutter", "p-cpe:/a:centos:centos:clutter-devel", "p-cpe:/a:centos:centos:mutter-devel"], "id": "CENTOS_RHSA-2015-0535.NASL", "href": "https://www.tenable.com/plugins/nessus/81898", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0535 and \n# CentOS Errata and Security Advisory 2015:0535 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81898);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-7300\");\n script_xref(name:\"RHSA\", value:\"2015:0535\");\n\n script_name(english:\"CentOS 7 : clutter / cogl / gnome-shell / mutter (CESA-2015:0535)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnome-shell, mutter, clutter, and cogl packages that fix one\nsecurity issue, several bugs, and add one enhancement are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in\nthe References section.\n\nGNOME Shell and the packages it depends upon provide the core user\ninterface of the Red Hat Enterprise Linux desktop, including functions\nsuch as navigating between windows and launching applications.\n\nIt was found that the GNOME shell did not disable the Print Screen key\nwhen the screen was locked. This could allow an attacker with physical\naccess to a system with a locked screen to crash the screen-locking\napplication by creating a large amount of screenshots. (CVE-2014-7300)\n\nThis update also fixes the following bugs :\n\n* The Timed Login feature, which automatically logs in a specified\nuser after a specified period of time, stopped working after the first\nuser of the GUI logged out. This has been fixed, and the specified\nuser is always logged in if no one else logs in. (BZ#1043571)\n\n* If two monitors were arranged vertically with the secondary monitor\nabove the primary monitor, it was impossible to move windows onto the\nsecondary monitor. With this update, windows can be moved through the\nupper edge of the first monitor to the secondary monitor. (BZ#1075240)\n\n* If the Gnome Display Manager (GDM) user list was disabled and a user\nentered the user name, the password prompt did not appear. Instead,\nthe user had to enter the user name one more time. The GDM code that\ncontained this error has been fixed, and users can enter their user\nnames and passwords as expected. (BZ#1109530)\n\n* Prior to this update, only a small area was available on the GDM\nlogin screen for a custom text banner. As a consequence, when a long\nbanner was used, it did not fit into the area, and the person reading\nthe banner had to use scrollbars to view the whole text. With this\nupdate, more space is used for the banner if necessary, which allows\nthe user to read the message conveniently. (BZ# 1110036)\n\n* When the Cancel button was pressed while an LDAP user name and\npassword was being validated, the GDM code did not handle the\nsituation correctly. As a consequence, GDM became unresponsive, and it\nwas impossible to return to the login screen. The affected code has\nbeen fixed, and LDAP user validation can be canceled, allowing another\nuser to log in instead. (BZ#1137041)\n\n* If the window focus mode in GNOME was set to 'mouse' or 'sloppy',\nnavigating through areas of a pop-up menu displayed outside its parent\nwindow caused the window to lose its focus. Consequently, the menu was\nnot usable. This has been fixed, and the window focus is kept in under\nthis scenario. (BZ#1149585)\n\n* If user authentication is configured to require a smart card to log\nin, user names are obtained from the smart card. The authentication is\nthen performed by entering the smart card PIN. Prior to this update,\nthe login screen allowed a user name to be entered if no smart card\nwas inserted, but due to a bug in the underlying code, the screen\nbecame unresponsive. If, on the other hand, a smart card was used for\nauthentication, the user was logged in as soon as the authentication\nwas complete. As a consequence, it was impossible to select a session\nother than GNOME Classic. Both of these problems have been fixed. Now,\na smart card is required when this type of authentication is enabled,\nand any other installed session can be selected by the user.\n(BZ#1159385, BZ# 1163474)\n\nIn addition, this update adds the following enhancement :\n\n* Support for quad-buffer OpenGL stereo visuals has been added. As a\nresult, OpenGL applications that use quad-buffer stereo can be run and\nproperly displayed within the GNOME desktop when used with a video\ndriver and hardware with the necessary capabilities. (BZ#861507,\nBZ#1108890, BZ#1108891, BZ# 1108893)\n\nAll GNOME Shell users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-March/001508.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11b88873\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-March/001509.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?89115c85\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-March/001565.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5b78c63\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-March/001688.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8565fa4e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7300\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:clutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:clutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:clutter-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cogl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cogl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cogl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-browser-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"clutter-1.14.4-12.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"clutter-devel-1.14.4-12.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"clutter-doc-1.14.4-12.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cogl-1.14.0-6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cogl-devel-1.14.0-6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cogl-doc-1.14.0-6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gnome-shell-3.8.4-45.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gnome-shell-browser-plugin-3.8.4-45.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mutter-3.8.4-16.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mutter-devel-3.8.4-16.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clutter / clutter-devel / clutter-doc / cogl / cogl-devel / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:48:41", "description": "It was found that the GNOME shell did not disable the Print Screen key\nwhen the screen was locked. This could allow an attacker with physical\naccess to a system with a locked screen to crash the screen-locking\napplication by creating a large amount of screenshots. (CVE-2014-7300)\n\nThis update also fixes the following bugs :\n\n - The Timed Login feature, which automatically logs in a\n specified user after a specified period of time, stopped\n working after the first user of the GUI logged out. This\n has been fixed, and the specified user is always logged\n in if no one else logs in.\n\n - If two monitors were arranged vertically with the\n secondary monitor above the primary monitor, it was\n impossible to move windows onto the secondary monitor.\n With this update, windows can be moved through the upper\n edge of the first monitor to the secondary monitor.\n\n - If the Gnome Display Manager (GDM) user list was\n disabled and a user entered the user name, the password\n prompt did not appear. Instead, the user had to enter\n the user name one more time. The GDM code that contained\n this error has been fixed, and users can enter their\n user names and passwords as expected.\n\n - Prior to this update, only a small area was available on\n the GDM login screen for a custom text banner. As a\n consequence, when a long banner was used, it did not fit\n into the area, and the person reading the banner had to\n use scrollbars to view the whole text. With this update,\n more space is used for the banner if necessary, which\n allows the user to read the message conveniently.\n\n - When the Cancel button was pressed while an LDAP user\n name and password was being validated, the GDM code did\n not handle the situation correctly. As a consequence,\n GDM became unresponsive, and it was impossible to return\n to the login screen. The affected code has been fixed,\n and LDAP user validation can be canceled, allowing\n another user to log in instead.\n\n - If the window focus mode in GNOME was set to 'mouse' or\n 'sloppy', navigating through areas of a pop-up menu\n displayed outside its parent window caused the window to\n lose its focus. Consequently, the menu was not usable.\n This has been fixed, and the window focus is kept in\n under this scenario.\n\n - If user authentication is configured to require a smart\n card to log in, user names are obtained from the smart\n card. The authentication is then performed by entering\n the smart card PIN. Prior to this update, the login\n screen allowed a user name to be entered if no smart\n card was inserted, but due to a bug in the underlying\n code, the screen became unresponsive. If, on the other\n hand, a smart card was used for authentication, the user\n was logged in as soon as the authentication was\n complete. As a consequence, it was impossible to select\n a session other than GNOME Classic. Both of these\n problems have been fixed. Now, a smart card is required\n when this type of authentication is enabled, and any\n other installed session can be selected by the user.\n\nIn addition, this update adds the following enhancement :\n\n - Support for quad-buffer OpenGL stereo visuals has been\n added. As a result, OpenGL applications that use\n quad-buffer stereo can be run and properly displayed\n within the GNOME desktop when used with a video driver\n and hardware with the necessary capabilities.", "edition": 15, "published": "2015-03-26T00:00:00", "title": "Scientific Linux Security Update : GNOME Shell on SL7.x x86_64 (20150305)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7300"], "modified": "2015-03-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:clutter-doc", "p-cpe:/a:fermilab:scientific_linux:clutter-devel", "p-cpe:/a:fermilab:scientific_linux:cogl-devel", "p-cpe:/a:fermilab:scientific_linux:cogl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:gnome-shell-debuginfo", "p-cpe:/a:fermilab:scientific_linux:mutter-debuginfo", "p-cpe:/a:fermilab:scientific_linux:mutter-devel", "p-cpe:/a:fermilab:scientific_linux:cogl-doc", "p-cpe:/a:fermilab:scientific_linux:gnome-shell", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:cogl", "p-cpe:/a:fermilab:scientific_linux:clutter", "p-cpe:/a:fermilab:scientific_linux:mutter", "p-cpe:/a:fermilab:scientific_linux:clutter-debuginfo", "p-cpe:/a:fermilab:scientific_linux:gnome-shell-browser-plugin"], "id": "SL_20150305_GNOME_SHELL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/82249", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82249);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-7300\");\n\n script_name(english:\"Scientific Linux Security Update : GNOME Shell on SL7.x x86_64 (20150305)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the GNOME shell did not disable the Print Screen key\nwhen the screen was locked. This could allow an attacker with physical\naccess to a system with a locked screen to crash the screen-locking\napplication by creating a large amount of screenshots. (CVE-2014-7300)\n\nThis update also fixes the following bugs :\n\n - The Timed Login feature, which automatically logs in a\n specified user after a specified period of time, stopped\n working after the first user of the GUI logged out. This\n has been fixed, and the specified user is always logged\n in if no one else logs in.\n\n - If two monitors were arranged vertically with the\n secondary monitor above the primary monitor, it was\n impossible to move windows onto the secondary monitor.\n With this update, windows can be moved through the upper\n edge of the first monitor to the secondary monitor.\n\n - If the Gnome Display Manager (GDM) user list was\n disabled and a user entered the user name, the password\n prompt did not appear. Instead, the user had to enter\n the user name one more time. The GDM code that contained\n this error has been fixed, and users can enter their\n user names and passwords as expected.\n\n - Prior to this update, only a small area was available on\n the GDM login screen for a custom text banner. As a\n consequence, when a long banner was used, it did not fit\n into the area, and the person reading the banner had to\n use scrollbars to view the whole text. With this update,\n more space is used for the banner if necessary, which\n allows the user to read the message conveniently.\n\n - When the Cancel button was pressed while an LDAP user\n name and password was being validated, the GDM code did\n not handle the situation correctly. As a consequence,\n GDM became unresponsive, and it was impossible to return\n to the login screen. The affected code has been fixed,\n and LDAP user validation can be canceled, allowing\n another user to log in instead.\n\n - If the window focus mode in GNOME was set to 'mouse' or\n 'sloppy', navigating through areas of a pop-up menu\n displayed outside its parent window caused the window to\n lose its focus. Consequently, the menu was not usable.\n This has been fixed, and the window focus is kept in\n under this scenario.\n\n - If user authentication is configured to require a smart\n card to log in, user names are obtained from the smart\n card. The authentication is then performed by entering\n the smart card PIN. Prior to this update, the login\n screen allowed a user name to be entered if no smart\n card was inserted, but due to a bug in the underlying\n code, the screen became unresponsive. If, on the other\n hand, a smart card was used for authentication, the user\n was logged in as soon as the authentication was\n complete. As a consequence, it was impossible to select\n a session other than GNOME Classic. Both of these\n problems have been fixed. Now, a smart card is required\n when this type of authentication is enabled, and any\n other installed session can be selected by the user.\n\nIn addition, this update adds the following enhancement :\n\n - Support for quad-buffer OpenGL stereo visuals has been\n added. As a result, OpenGL applications that use\n quad-buffer stereo can be run and properly displayed\n within the GNOME desktop when used with a video driver\n and hardware with the necessary capabilities.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1503&L=scientific-linux-errata&T=0&P=3492\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9c668c4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:clutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:clutter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:clutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:clutter-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:cogl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:cogl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:cogl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:cogl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnome-shell-browser-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnome-shell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mutter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"clutter-1.14.4-12.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"clutter-debuginfo-1.14.4-12.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"clutter-devel-1.14.4-12.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"clutter-doc-1.14.4-12.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"cogl-1.14.0-6.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"cogl-debuginfo-1.14.0-6.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"cogl-devel-1.14.0-6.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"cogl-doc-1.14.0-6.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gnome-shell-3.8.4-45.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gnome-shell-browser-plugin-3.8.4-45.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gnome-shell-debuginfo-3.8.4-45.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mutter-3.8.4-16.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mutter-debuginfo-3.8.4-16.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mutter-devel-3.8.4-16.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clutter / clutter-debuginfo / clutter-devel / clutter-doc / cogl / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:49:50", "description": "From Red Hat Security Advisory 2015:0535 :\n\nUpdated gnome-shell, mutter, clutter, and cogl packages that fix one\nsecurity issue, several bugs, and add one enhancement are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in\nthe References section.\n\nGNOME Shell and the packages it depends upon provide the core user\ninterface of the Red Hat Enterprise Linux desktop, including functions\nsuch as navigating between windows and launching applications.\n\nIt was found that the GNOME shell did not disable the Print Screen key\nwhen the screen was locked. This could allow an attacker with physical\naccess to a system with a locked screen to crash the screen-locking\napplication by creating a large amount of screenshots. (CVE-2014-7300)\n\nThis update also fixes the following bugs :\n\n* The Timed Login feature, which automatically logs in a specified\nuser after a specified period of time, stopped working after the first\nuser of the GUI logged out. This has been fixed, and the specified\nuser is always logged in if no one else logs in. (BZ#1043571)\n\n* If two monitors were arranged vertically with the secondary monitor\nabove the primary monitor, it was impossible to move windows onto the\nsecondary monitor. With this update, windows can be moved through the\nupper edge of the first monitor to the secondary monitor. (BZ#1075240)\n\n* If the Gnome Display Manager (GDM) user list was disabled and a user\nentered the user name, the password prompt did not appear. Instead,\nthe user had to enter the user name one more time. The GDM code that\ncontained this error has been fixed, and users can enter their user\nnames and passwords as expected. (BZ#1109530)\n\n* Prior to this update, only a small area was available on the GDM\nlogin screen for a custom text banner. As a consequence, when a long\nbanner was used, it did not fit into the area, and the person reading\nthe banner had to use scrollbars to view the whole text. With this\nupdate, more space is used for the banner if necessary, which allows\nthe user to read the message conveniently. (BZ# 1110036)\n\n* When the Cancel button was pressed while an LDAP user name and\npassword was being validated, the GDM code did not handle the\nsituation correctly. As a consequence, GDM became unresponsive, and it\nwas impossible to return to the login screen. The affected code has\nbeen fixed, and LDAP user validation can be canceled, allowing another\nuser to log in instead. (BZ#1137041)\n\n* If the window focus mode in GNOME was set to 'mouse' or 'sloppy',\nnavigating through areas of a pop-up menu displayed outside its parent\nwindow caused the window to lose its focus. Consequently, the menu was\nnot usable. This has been fixed, and the window focus is kept in under\nthis scenario. (BZ#1149585)\n\n* If user authentication is configured to require a smart card to log\nin, user names are obtained from the smart card. The authentication is\nthen performed by entering the smart card PIN. Prior to this update,\nthe login screen allowed a user name to be entered if no smart card\nwas inserted, but due to a bug in the underlying code, the screen\nbecame unresponsive. If, on the other hand, a smart card was used for\nauthentication, the user was logged in as soon as the authentication\nwas complete. As a consequence, it was impossible to select a session\nother than GNOME Classic. Both of these problems have been fixed. Now,\na smart card is required when this type of authentication is enabled,\nand any other installed session can be selected by the user.\n(BZ#1159385, BZ# 1163474)\n\nIn addition, this update adds the following enhancement :\n\n* Support for quad-buffer OpenGL stereo visuals has been added. As a\nresult, OpenGL applications that use quad-buffer stereo can be run and\nproperly displayed within the GNOME desktop when used with a video\ndriver and hardware with the necessary capabilities. (BZ#861507,\nBZ#1108890, BZ#1108891, BZ# 1108893)\n\nAll GNOME Shell users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement.", "edition": 25, "published": "2015-03-13T00:00:00", "title": "Oracle Linux 7 : GNOME / Shell (ELSA-2015-0535)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7300"], "modified": "2015-03-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:clutter-devel", "p-cpe:/a:oracle:linux:gnome-shell", "p-cpe:/a:oracle:linux:mutter-devel", "p-cpe:/a:oracle:linux:clutter-doc", "p-cpe:/a:oracle:linux:clutter", "p-cpe:/a:oracle:linux:cogl-devel", "p-cpe:/a:oracle:linux:cogl", "p-cpe:/a:oracle:linux:mutter", "p-cpe:/a:oracle:linux:cogl-doc", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:gnome-shell-browser-plugin"], "id": "ORACLELINUX_ELSA-2015-0535.NASL", "href": "https://www.tenable.com/plugins/nessus/81807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0535 and \n# Oracle Linux Security Advisory ELSA-2015-0535 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81807);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-7300\");\n script_bugtraq_id(70178);\n script_xref(name:\"RHSA\", value:\"2015:0535\");\n\n script_name(english:\"Oracle Linux 7 : GNOME / Shell (ELSA-2015-0535)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0535 :\n\nUpdated gnome-shell, mutter, clutter, and cogl packages that fix one\nsecurity issue, several bugs, and add one enhancement are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in\nthe References section.\n\nGNOME Shell and the packages it depends upon provide the core user\ninterface of the Red Hat Enterprise Linux desktop, including functions\nsuch as navigating between windows and launching applications.\n\nIt was found that the GNOME shell did not disable the Print Screen key\nwhen the screen was locked. This could allow an attacker with physical\naccess to a system with a locked screen to crash the screen-locking\napplication by creating a large amount of screenshots. (CVE-2014-7300)\n\nThis update also fixes the following bugs :\n\n* The Timed Login feature, which automatically logs in a specified\nuser after a specified period of time, stopped working after the first\nuser of the GUI logged out. This has been fixed, and the specified\nuser is always logged in if no one else logs in. (BZ#1043571)\n\n* If two monitors were arranged vertically with the secondary monitor\nabove the primary monitor, it was impossible to move windows onto the\nsecondary monitor. With this update, windows can be moved through the\nupper edge of the first monitor to the secondary monitor. (BZ#1075240)\n\n* If the Gnome Display Manager (GDM) user list was disabled and a user\nentered the user name, the password prompt did not appear. Instead,\nthe user had to enter the user name one more time. The GDM code that\ncontained this error has been fixed, and users can enter their user\nnames and passwords as expected. (BZ#1109530)\n\n* Prior to this update, only a small area was available on the GDM\nlogin screen for a custom text banner. As a consequence, when a long\nbanner was used, it did not fit into the area, and the person reading\nthe banner had to use scrollbars to view the whole text. With this\nupdate, more space is used for the banner if necessary, which allows\nthe user to read the message conveniently. (BZ# 1110036)\n\n* When the Cancel button was pressed while an LDAP user name and\npassword was being validated, the GDM code did not handle the\nsituation correctly. As a consequence, GDM became unresponsive, and it\nwas impossible to return to the login screen. The affected code has\nbeen fixed, and LDAP user validation can be canceled, allowing another\nuser to log in instead. (BZ#1137041)\n\n* If the window focus mode in GNOME was set to 'mouse' or 'sloppy',\nnavigating through areas of a pop-up menu displayed outside its parent\nwindow caused the window to lose its focus. Consequently, the menu was\nnot usable. This has been fixed, and the window focus is kept in under\nthis scenario. (BZ#1149585)\n\n* If user authentication is configured to require a smart card to log\nin, user names are obtained from the smart card. The authentication is\nthen performed by entering the smart card PIN. Prior to this update,\nthe login screen allowed a user name to be entered if no smart card\nwas inserted, but due to a bug in the underlying code, the screen\nbecame unresponsive. If, on the other hand, a smart card was used for\nauthentication, the user was logged in as soon as the authentication\nwas complete. As a consequence, it was impossible to select a session\nother than GNOME Classic. Both of these problems have been fixed. Now,\na smart card is required when this type of authentication is enabled,\nand any other installed session can be selected by the user.\n(BZ#1159385, BZ# 1163474)\n\nIn addition, this update adds the following enhancement :\n\n* Support for quad-buffer OpenGL stereo visuals has been added. As a\nresult, OpenGL applications that use quad-buffer stereo can be run and\nproperly displayed within the GNOME desktop when used with a video\ndriver and hardware with the necessary capabilities. (BZ#861507,\nBZ#1108890, BZ#1108891, BZ# 1108893)\n\nAll GNOME Shell users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004881.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome and / or shell packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:clutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:clutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:clutter-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cogl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cogl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cogl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-browser-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"clutter-1.14.4-12.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"clutter-devel-1.14.4-12.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"clutter-doc-1.14.4-12.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"cogl-1.14.0-6.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"cogl-devel-1.14.0-6.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"cogl-doc-1.14.0-6.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gnome-shell-3.8.4-45.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gnome-shell-browser-plugin-3.8.4-45.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mutter-3.8.4-16.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mutter-devel-3.8.4-16.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clutter / clutter-devel / clutter-doc / cogl / cogl-devel / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:22:25", "description": "gnome-settings-daemon was updated to fix a bug and a security issue :\n\nSecurity issue fixed :\n\n - CVE-2014-7300: The lockscreen can be bypassed with the\n Print Screen button.\n\nBug fixed :\n\n - Do not hide the cursor while there was no mutter running\n (bsc#905158).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2015-05-20T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : gnome-settings-daemon (SUSE-SU-2015:0515-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7300"], "modified": "2015-05-20T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:gnome-settings-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:gnome-settings-daemon", "p-cpe:/a:novell:suse_linux:gnome-settings-daemon-debugsource"], "id": "SUSE_SU-2015-0515-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0515-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83700);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-7300\");\n script_bugtraq_id(70178);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : gnome-settings-daemon (SUSE-SU-2015:0515-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"gnome-settings-daemon was updated to fix a bug and a security issue :\n\nSecurity issue fixed :\n\n - CVE-2014-7300: The lockscreen can be bypassed with the\n Print Screen button.\n\nBug fixed :\n\n - Do not hide the cursor while there was no mutter running\n (bsc#905158).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=900031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7300/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150515-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a178c787\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-126=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-126=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-126=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gnome-settings-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gnome-settings-daemon-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gnome-settings-daemon-3.10.2-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gnome-settings-daemon-debuginfo-3.10.2-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gnome-settings-daemon-debugsource-3.10.2-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gnome-settings-daemon-3.10.2-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gnome-settings-daemon-debuginfo-3.10.2-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gnome-settings-daemon-debugsource-3.10.2-20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-settings-daemon\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T05:34:25", "description": "Updated gnome-shell, mutter, clutter, and cogl packages that fix one\nsecurity issue, several bugs, and add one enhancement are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in\nthe References section.\n\nGNOME Shell and the packages it depends upon provide the core user\ninterface of the Red Hat Enterprise Linux desktop, including functions\nsuch as navigating between windows and launching applications.\n\nIt was found that the GNOME shell did not disable the Print Screen key\nwhen the screen was locked. This could allow an attacker with physical\naccess to a system with a locked screen to crash the screen-locking\napplication by creating a large amount of screenshots. (CVE-2014-7300)\n\nThis update also fixes the following bugs :\n\n* The Timed Login feature, which automatically logs in a specified\nuser after a specified period of time, stopped working after the first\nuser of the GUI logged out. This has been fixed, and the specified\nuser is always logged in if no one else logs in. (BZ#1043571)\n\n* If two monitors were arranged vertically with the secondary monitor\nabove the primary monitor, it was impossible to move windows onto the\nsecondary monitor. With this update, windows can be moved through the\nupper edge of the first monitor to the secondary monitor. (BZ#1075240)\n\n* If the Gnome Display Manager (GDM) user list was disabled and a user\nentered the user name, the password prompt did not appear. Instead,\nthe user had to enter the user name one more time. The GDM code that\ncontained this error has been fixed, and users can enter their user\nnames and passwords as expected. (BZ#1109530)\n\n* Prior to this update, only a small area was available on the GDM\nlogin screen for a custom text banner. As a consequence, when a long\nbanner was used, it did not fit into the area, and the person reading\nthe banner had to use scrollbars to view the whole text. With this\nupdate, more space is used for the banner if necessary, which allows\nthe user to read the message conveniently. (BZ# 1110036)\n\n* When the Cancel button was pressed while an LDAP user name and\npassword was being validated, the GDM code did not handle the\nsituation correctly. As a consequence, GDM became unresponsive, and it\nwas impossible to return to the login screen. The affected code has\nbeen fixed, and LDAP user validation can be canceled, allowing another\nuser to log in instead. (BZ#1137041)\n\n* If the window focus mode in GNOME was set to 'mouse' or 'sloppy',\nnavigating through areas of a pop-up menu displayed outside its parent\nwindow caused the window to lose its focus. Consequently, the menu was\nnot usable. This has been fixed, and the window focus is kept in under\nthis scenario. (BZ#1149585)\n\n* If user authentication is configured to require a smart card to log\nin, user names are obtained from the smart card. The authentication is\nthen performed by entering the smart card PIN. Prior to this update,\nthe login screen allowed a user name to be entered if no smart card\nwas inserted, but due to a bug in the underlying code, the screen\nbecame unresponsive. If, on the other hand, a smart card was used for\nauthentication, the user was logged in as soon as the authentication\nwas complete. As a consequence, it was impossible to select a session\nother than GNOME Classic. Both of these problems have been fixed. Now,\na smart card is required when this type of authentication is enabled,\nand any other installed session can be selected by the user.\n(BZ#1159385, BZ# 1163474)\n\nIn addition, this update adds the following enhancement :\n\n* Support for quad-buffer OpenGL stereo visuals has been added. As a\nresult, OpenGL applications that use quad-buffer stereo can be run and\nproperly displayed within the GNOME desktop when used with a video\ndriver and hardware with the necessary capabilities. (BZ#861507,\nBZ#1108890, BZ#1108891, BZ# 1108893)\n\nAll GNOME Shell users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement.", "edition": 30, "published": "2015-03-05T00:00:00", "title": "RHEL 7 : GNOME Shell (RHSA-2015:0535)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7300"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gnome-shell-browser-plugin", "p-cpe:/a:redhat:enterprise_linux:clutter", "p-cpe:/a:redhat:enterprise_linux:mutter-devel", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:clutter-debuginfo", "p-cpe:/a:redhat:enterprise_linux:cogl-doc", "p-cpe:/a:redhat:enterprise_linux:cogl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:gnome-shell-debuginfo", "p-cpe:/a:redhat:enterprise_linux:gnome-shell", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:cogl-devel", "p-cpe:/a:redhat:enterprise_linux:mutter-debuginfo", "p-cpe:/a:redhat:enterprise_linux:cogl", "p-cpe:/a:redhat:enterprise_linux:clutter-doc", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:mutter", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:clutter-devel", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2015-0535.NASL", "href": "https://www.tenable.com/plugins/nessus/81639", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0535. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81639);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2014-7300\");\n script_xref(name:\"RHSA\", value:\"2015:0535\");\n\n script_name(english:\"RHEL 7 : GNOME Shell (RHSA-2015:0535)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnome-shell, mutter, clutter, and cogl packages that fix one\nsecurity issue, several bugs, and add one enhancement are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in\nthe References section.\n\nGNOME Shell and the packages it depends upon provide the core user\ninterface of the Red Hat Enterprise Linux desktop, including functions\nsuch as navigating between windows and launching applications.\n\nIt was found that the GNOME shell did not disable the Print Screen key\nwhen the screen was locked. This could allow an attacker with physical\naccess to a system with a locked screen to crash the screen-locking\napplication by creating a large amount of screenshots. (CVE-2014-7300)\n\nThis update also fixes the following bugs :\n\n* The Timed Login feature, which automatically logs in a specified\nuser after a specified period of time, stopped working after the first\nuser of the GUI logged out. This has been fixed, and the specified\nuser is always logged in if no one else logs in. (BZ#1043571)\n\n* If two monitors were arranged vertically with the secondary monitor\nabove the primary monitor, it was impossible to move windows onto the\nsecondary monitor. With this update, windows can be moved through the\nupper edge of the first monitor to the secondary monitor. (BZ#1075240)\n\n* If the Gnome Display Manager (GDM) user list was disabled and a user\nentered the user name, the password prompt did not appear. Instead,\nthe user had to enter the user name one more time. The GDM code that\ncontained this error has been fixed, and users can enter their user\nnames and passwords as expected. (BZ#1109530)\n\n* Prior to this update, only a small area was available on the GDM\nlogin screen for a custom text banner. As a consequence, when a long\nbanner was used, it did not fit into the area, and the person reading\nthe banner had to use scrollbars to view the whole text. With this\nupdate, more space is used for the banner if necessary, which allows\nthe user to read the message conveniently. (BZ# 1110036)\n\n* When the Cancel button was pressed while an LDAP user name and\npassword was being validated, the GDM code did not handle the\nsituation correctly. As a consequence, GDM became unresponsive, and it\nwas impossible to return to the login screen. The affected code has\nbeen fixed, and LDAP user validation can be canceled, allowing another\nuser to log in instead. (BZ#1137041)\n\n* If the window focus mode in GNOME was set to 'mouse' or 'sloppy',\nnavigating through areas of a pop-up menu displayed outside its parent\nwindow caused the window to lose its focus. Consequently, the menu was\nnot usable. This has been fixed, and the window focus is kept in under\nthis scenario. (BZ#1149585)\n\n* If user authentication is configured to require a smart card to log\nin, user names are obtained from the smart card. The authentication is\nthen performed by entering the smart card PIN. Prior to this update,\nthe login screen allowed a user name to be entered if no smart card\nwas inserted, but due to a bug in the underlying code, the screen\nbecame unresponsive. If, on the other hand, a smart card was used for\nauthentication, the user was logged in as soon as the authentication\nwas complete. As a consequence, it was impossible to select a session\nother than GNOME Classic. Both of these problems have been fixed. Now,\na smart card is required when this type of authentication is enabled,\nand any other installed session can be selected by the user.\n(BZ#1159385, BZ# 1163474)\n\nIn addition, this update adds the following enhancement :\n\n* Support for quad-buffer OpenGL stereo visuals has been added. As a\nresult, OpenGL applications that use quad-buffer stereo can be run and\nproperly displayed within the GNOME desktop when used with a video\ndriver and hardware with the necessary capabilities. (BZ#861507,\nBZ#1108890, BZ#1108891, BZ# 1108893)\n\nAll GNOME Shell users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7300\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:clutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:clutter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:clutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:clutter-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cogl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cogl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cogl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cogl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnome-shell-browser-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnome-shell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mutter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0535\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"clutter-1.14.4-12.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"clutter-debuginfo-1.14.4-12.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"clutter-devel-1.14.4-12.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"clutter-doc-1.14.4-12.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"clutter-doc-1.14.4-12.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"cogl-1.14.0-6.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"cogl-debuginfo-1.14.0-6.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"cogl-devel-1.14.0-6.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"cogl-doc-1.14.0-6.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"gnome-shell-3.8.4-45.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"gnome-shell-3.8.4-45.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"gnome-shell-browser-plugin-3.8.4-45.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"gnome-shell-browser-plugin-3.8.4-45.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"gnome-shell-debuginfo-3.8.4-45.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"gnome-shell-debuginfo-3.8.4-45.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mutter-3.8.4-16.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mutter-debuginfo-3.8.4-16.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mutter-devel-3.8.4-16.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clutter / clutter-debuginfo / clutter-devel / clutter-doc / cogl / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:12:07", "description": "Security fix for lock screen circumvention by consecutive screenshot\nrequests triggering OOM situation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-10-20T00:00:00", "title": "Fedora 20 : gnome-shell-3.10.4-9.fc20 (2014-12690)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7300"], "modified": "2014-10-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnome-shell", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-12690.NASL", "href": "https://www.tenable.com/plugins/nessus/78569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-12690.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78569);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-7300\");\n script_bugtraq_id(70178);\n script_xref(name:\"FEDORA\", value:\"2014-12690\");\n\n script_name(english:\"Fedora 20 : gnome-shell-3.10.4-9.fc20 (2014-12690)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for lock screen circumvention by consecutive screenshot\nrequests triggering OOM situation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1147917\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141115.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1686c48b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-shell package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"gnome-shell-3.10.4-9.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-shell\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7300"], "description": "GNOME Shell provides core user interface functions for the GNOME 3 desktop, like switching to windows and launching applications. GNOME Shell takes advantage of the capabilities of modern graphics hardware and introduces innovative user interface concepts to provide a visually attractive and easy to use experience. ", "modified": "2014-10-18T16:58:08", "published": "2014-10-18T16:58:08", "id": "FEDORA:97F5060E5215", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: gnome-shell-3.10.4-9.fc20", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}

openSUSE Security Update : gnome-settings-daemon (openSUSE-SU-2014:1348-1)

Description

Add gnome-settings-daemon-no-lockscreen-screenshot.patch : media-keys: Disallow screenshots when locked (boo#900031, bgo#737456, CVE-2014-7300).

Add gnome-settings-daemon-no-lockscreen-screenshot.patch :

media-keys: Disallow screenshots when locked (boo#900031, bgo#737456, CVE-2014-7300).