Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-5819 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software |
Red Hat packages (Operating systems & Components / Operating system package or component):
libkdcraw
pidgin
gnome-session
glib2
xchat
plymouth
pango
nautilus
mutter
libgnomekbd
gnome-shell-extensions
gnome-shell
gnome-settings-daemon
gnome-boxes
desktop-file-utils
cairo
accountsservice
Operating systems (Operating systems & Components / Operating system):
Red Hat Enterprise Linux for Power, little endian
Red Hat Enterprise Linux for Power, big endian
Red Hat Enterprise Linux for IBM z Systems
Red Hat Enterprise Linux for Scientific Computing
Red Hat Enterprise Linux Desktop
Red Hat Enterprise Linux Workstation
Red Hat Enterprise Linux Server |
Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU17353
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-5819
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes (proof-of-concept code; see the CVSS vector's E:P and the Q & A below)
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the parse_sinar_ia function of dcraw_common.cpp due to insufficient validation of user-supplied input. A remote attacker can trick the victim into opening a specially crafted image file and cause the application to crash. No authentication is needed, but the attack requires user interaction (UI:A in the vector above): the victim has to open the file.
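The bug class the description names (CWE-20: a count or offset read from the file is trusted before it is checked against the data actually present) is easier to see in code. The following is an added example written for this page; it is not dcraw, LibRaw or libkdcraw source, and the record layout (a "META" magic, a 32-bit entry count, then 8-byte tag/type/value entries) is invented for illustration and is not the Sinar IA format that parse_sinar_ia handles. The naive parser trusts the attacker-controlled entry count; the hardened one bounds it against a fixed limit and against the bytes that remain in the buffer, so a crafted header is rejected with a controlled error instead of an uncontrolled failure.

```python
import struct

# Constructed record layout for illustration only (not dcraw's Sinar IA format):
#   header: 4-byte magic b"META", then u32 little-endian entry count
#   entry:  u16 tag, u16 type, u32 value/offset
HEADER = struct.Struct("<4sI")
ENTRY = struct.Struct("<HHI")
MAGIC = b"META"
MAX_ENTRIES = 4096  # assumed sane upper bound for a metadata directory


def build_directory(entries, claimed_count=None):
    """Serialise entries; claimed_count lets a test forge the header's count field."""
    count = len(entries) if claimed_count is None else claimed_count
    body = b"".join(ENTRY.pack(tag, typ, value) for tag, typ, value in entries)
    return HEADER.pack(MAGIC, count) + body


def parse_naive(data):
    """Trusts the header's entry count (the CWE-20 pattern).

    In a C parser the same loop reads past the end of the buffer or spins on
    a huge count; here struct.error stands in for that uncontrolled failure.
    """
    magic, count = HEADER.unpack_from(data, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    entries = []
    offset = HEADER.size
    for _ in range(count):
        entries.append(ENTRY.unpack_from(data, offset))
        offset += ENTRY.size
    return entries


def parse_hardened(data):
    """Validates the count before using it: the file must hold what the header claims."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    magic, count = HEADER.unpack_from(data, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    if count > MAX_ENTRIES:
        raise ValueError("entry count %d exceeds limit %d" % (count, MAX_ENTRIES))
    needed = HEADER.size + count * ENTRY.size
    if needed > len(data):
        raise ValueError("header claims %d entries but only %d bytes present"
                         % (count, len(data)))
    return [ENTRY.unpack_from(data, HEADER.size + i * ENTRY.size) for i in range(count)]


def outcome(parser, data):
    """Classify a parser's behaviour on an input: ok / rejected (controlled) / crashed (uncontrolled)."""
    try:
        parser(data)
    except ValueError:
        return "rejected"
    except struct.error:
        return "crashed"
    return "ok"


# Constructed inputs: a well-formed directory, one whose header claims
# 4294967295 entries while carrying a single 8-byte entry, and one whose
# count is small but still larger than the bytes that follow the header.
GOOD = build_directory([(0x0100, 3, 42), (0x0101, 4, 7)])
CRAFTED = build_directory([(0x0100, 3, 42)], claimed_count=0xFFFFFFFF)
TRUNCATED = build_directory([(0x0100, 3, 42)], claimed_count=3)

if __name__ == "__main__":
    for name, data in (("good", GOOD), ("crafted", CRAFTED), ("truncated", TRUNCATED)):
        print(name, "naive:", outcome(parse_naive, data),
              "hardened:", outcome(parse_hardened, data))
```

Both checks in the hardened parser matter: the fixed limit stops a huge count from being multiplied or iterated at all, and the comparison against the buffer length catches a count that is small but still lies about what the file contains.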
Remediation
Install updates from vendor's website.
Vulnerable software versions
libkdcraw (Red Hat package): before 4.10.5-5.el7
pidgin (Red Hat package): before 2.10.11-5.el7
gnome-session (Red Hat package): before 3.22.3-4.el7
glib2 (Red Hat package): before 2.42.2-5.el7
xchat (Red Hat package): before 2.8.8-24.el7
plymouth (Red Hat package): before 0.8.9-0.32.20140113.el7
pango (Red Hat package): before 1.42.4-3.el7
nautilus (Red Hat package): before 3.26.3.1-6.el7
mutter (Red Hat package): before 3.28.3-10.el7
libgnomekbd (Red Hat package): before 3.26.0-3.el7
gnome-shell-extensions (Red Hat package): before 3.28.1-7.el7
gnome-shell (Red Hat package): before 3.28.3-11.el7
gnome-settings-daemon (Red Hat package): before 3.28.1-4.el7
gnome-boxes (Red Hat package): before 3.28.5-4.el7
desktop-file-utils (Red Hat package): before 0.23-2.el7
cairo (Red Hat package): before 1.15.12-4.el7
accountsservice (Red Hat package): before 0.6.50-5.el7
Red Hat Enterprise Linux for Power, little endian: 7
Red Hat Enterprise Linux for Power, big endian: 7
Red Hat Enterprise Linux for IBM z Systems: 7
Red Hat Enterprise Linux for Scientific Computing: 7
Red Hat Enterprise Linux Desktop: 7
Red Hat Enterprise Linux Workstation: 7
Red Hat Enterprise Linux Server: 7
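To check a RHEL 7 host against the versions listed above, the installed package EVR (epoch, version, release) has to be compared the way rpm compares it, not lexically: 0.8.9-0.32.20140113.el7 is newer than 0.8.9-0.31.20140113.el7 because the numeric segment 32 beats 31, and a non-zero epoch outranks any version after it. The following is an added example written for this page, not a Red Hat tool: it reimplements rpm's rpmvercmp segment comparison (digit runs, letter runs, tilde pre-release marker), applies it to the fixed versions listed above, and flags installed packages that are older. The rpm -qa output it reads is constructed; the cairo line carries an epoch purely to show how epoch is handled, and bash is included to show that packages outside the bulletin are ignored.

```python
# Fixed versions from the bulletin above (epoch 0 assumed where none is listed).
FIXED = {
    "libkdcraw": "4.10.5-5.el7",
    "pidgin": "2.10.11-5.el7",
    "gnome-session": "3.22.3-4.el7",
    "glib2": "2.42.2-5.el7",
    "xchat": "2.8.8-24.el7",
    "plymouth": "0.8.9-0.32.20140113.el7",
    "pango": "1.42.4-3.el7",
    "nautilus": "3.26.3.1-6.el7",
    "mutter": "3.28.3-10.el7",
    "libgnomekbd": "3.26.0-3.el7",
    "gnome-shell-extensions": "3.28.1-7.el7",
    "gnome-shell": "3.28.3-11.el7",
    "gnome-settings-daemon": "3.28.1-4.el7",
    "gnome-boxes": "3.28.5-4.el7",
    "desktop-file-utils": "0.23-2.el7",
    "cairo": "1.15.12-4.el7",
    "accountsservice": "0.6.50-5.el7",
}


def _take(s, i, pred):
    """Return the run of characters at s[i:] satisfying pred, and the index after it."""
    start = i
    while i < len(s) and pred(s[i]):
        i += 1
    return s[start:i], i


def rpmvercmp(a, b):
    """Compare two version or release strings as rpm does: -1 (a<b), 0, or 1 (a>b).

    Segments are runs of digits or runs of letters; separators are skipped;
    numeric segments compare by value, alphabetic ones as strings; a numeric
    segment beats an alphabetic one; '~' sorts before anything, even the end.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i += 1
            j += 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        pred = str.isdigit if isnum else str.isalpha
        sa, i = _take(a, i, pred)
        sb, j = _take(b, j, pred)
        if not sb:                      # segment types differ
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):      # more digits means a larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_evr(evr):
    """Split 'epoch:version-release' into a tuple; a missing or '(none)' epoch is 0."""
    if ":" in evr:
        epoch, rest = evr.split(":", 1)
    else:
        epoch, rest = "0", evr
    if epoch == "(none)":
        epoch = "0"
    version, sep, release = rest.rpartition("-")
    if not sep:
        raise ValueError("no release in %r" % evr)
    return epoch, version, release


def evr_cmp(a, b):
    """Compare epoch, then version, then release, each with rpmvercmp."""
    for x, y in zip(parse_evr(a), parse_evr(b)):
        r = rpmvercmp(x, y)
        if r:
            return r
    return 0


def affected(rpm_qa_lines):
    """Return (name, evr) for bulletin packages installed below their fixed version.

    Input lines look like 'NAME EPOCH:VERSION-RELEASE', as produced by
    rpm -qa --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}|:%{VERSION}-%{RELEASE}\\n'
    """
    hits = []
    for line in rpm_qa_lines:
        line = line.strip()
        if not line:
            continue
        name, evr = line.split()
        fixed = FIXED.get(name)
        if fixed is not None and evr_cmp(evr, fixed) < 0:
            hits.append((name, evr))
    return hits


# Constructed sample output; the cairo epoch is invented to exercise epoch handling.
SAMPLE_RPM_QA = """\
libkdcraw 0:4.10.5-4.el7
pidgin 0:2.10.11-5.el7
glib2 0:2.56.1-5.el7
plymouth 0:0.8.9-0.31.20140113.el7
cairo 1:1.15.12-3.el7
bash 0:4.2.46-34.el7
""".splitlines()

if __name__ == "__main__":
    for name, evr in affected(SAMPLE_RPM_QA):
        print("%s %s is older than fixed %s" % (name, evr, FIXED[name]))
```

On a real host, pipe the rpm query shown in the docstring into affected(); only packages that are actually installed can be flagged, so an empty result on a host without the GNOME stack is expected rather than a clean bill of health.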
External links
https://access.redhat.com/errata/RHBA-2019:2044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet, but it requires user interaction: the victim has to open a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.