{"id":"MGASA-2018-0055","summary":"Updated gnome-shell packages fix security vulnerability","details":"gnome-shell through 3.24.1 mishandles extensions that fail to reload,\nwhich can lead to leaving extensions enabled in the lock screen. With\nthese extensions, a bystander could launch applications (but not interact\nwith them), see information from the extensions (e.g., what applications\nyou have opened or what music you were playing), or even execute arbitrary\ncommands. It all depends on what extensions a user has enabled. The\nproblem is caused by lack of exception handling in\njs/ui/extensionSystem.js (CVE-2017-8288).\n","modified":"2026-04-16T01:46:10.911352917Z","published":"2018-01-03T18:52:52Z","upstream":["CVE-2017-8288"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0055.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21631"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-08/msg00101.html"}],"affected":[{"package":{"name":"gnome-shell","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/gnome-shell?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.14.3-8.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0055.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}