INFSA-2024:5298: GNOME Shell security update
Information about definition
Identificator: INFSA-2024:5298
Type: security
Release date: 2024-08-27 10:11:53 UTC
Information about package
GNOME Shell acts as a compositing manager for the desktop, and displays both application windows and other objects. It provides core interface functions like switching windows, launching applications, and notifications. It takes advantage of the capabilities of modern graphics hardware and introduces innovative user interface concepts.
Vulnerabilities description
- CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-36472
|
no information | 7.5 | no information |
Updated packages