gnome-shell-3.28.3-34.0.2.el7.AXS7

エラータID: AXSA:2025-9565:01

Release date: 
Tuesday, January 21, 2025 - 17:23
Subject: 
gnome-shell-3.28.3-34.0.2.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

GNOME Shell provides core user interface functions for the GNOME 3 desktop, like
switching to windows and launching applications. GNOME Shell takes advantage of
the capabilities of modern graphics hardware and introduces innovative user
interface concepts to provide a visually attractive and easy to use experience.

Security Fix(es):

* CVE-2024-36472: fix portal helper from launching automatically based on
network responses to prevent loading untrusted JavaScript code

CVE(s):
CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.

Solution: 

Update packages.

CVEs: 
CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. gnome-shell-3.28.3-34.0.2.el7.AXS7.x86_64.rpm
    MD5: 12df953ba3628128865667e4f55e9ae1
    SHA-256: ad68dea84f55a1e5beaadb7bf8f64bcf1a3eed572485aa6e1ab80df9fd40c0ec
    Size: 2.08 MB