{"id":"MGASA-2018-0057","summary":"Updated gnome-shell packages fix security vulnerability","details":"Updated gnome-shell packages fix security vulnerability:\n\ngnome-shell through 3.24.1 mishandles extensions that fail to reload, which\ncan lead to leaving extensions enabled in the lock screen. With these\nextensions, a   bystander could launch applications (but not interact with\nthem), see information from the extensions (e.g., what applications you\nhave opened or what music you were playing), or even execute arbitrary\ncommands. It all depends on what extensions a user has enabled. The problem\nis caused by lack of exception handling in js/ui/extensionSystem.js\n(CVE-2017-8288).\n\nA use-after-free flaw was found in the way gnome-shell handled mapping and\nunmapping of tray icons. A malicious or misbehaving local application could\npotentially use this flaw to crash the gnome-shell process (rhbz#1492007).\n\nThe gnome-shell package has been updated to 3.24.3 and patched to fix these\nissues and other bugs.\n","modified":"2026-04-16T01:46:03.926528329Z","published":"2018-01-03T18:52:52Z","upstream":["CVE-2017-8288"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0057.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21759"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-08/msg00101.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GLVHI3G6HLYKAXVPDDOFWUMWN252ZWX6/"}],"affected":[{"package":{"name":"gnome-shell","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/gnome-shell?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.24.3-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0057.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}