{"id":"RLSA-2019:3553","summary":"Low: GNOME security, bug fix, and enhancement update","details":"GNOME is the default desktop environment of Rocky Linux.\n\nSecurity Fix(es):\n\n* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)\n\n* gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd (CVE-2019-12795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.","modified":"2026-03-11T05:55:07.405206Z","published":"2019-11-05T17:59:21Z","upstream":["CVE-2019-11070","CVE-2019-11459","CVE-2019-12795","CVE-2019-3820","CVE-2019-6237","CVE-2019-6251","CVE-2019-8506","CVE-2019-8518","CVE-2019-8523","CVE-2019-8524","CVE-2019-8535","CVE-2019-8536","CVE-2019-8544","CVE-2019-8551","CVE-2019-8558","CVE-2019-8559","CVE-2019-8563","CVE-2019-8571","CVE-2019-8583","CVE-2019-8584","CVE-2019-8586","CVE-2019-8587","CVE-2019-8594","CVE-2019-8595","CVE-2019-8596","CVE-2019-8597","CVE-2019-8601","CVE-2019-8607","CVE-2019-8608","CVE-2019-8609","CVE-2019-8610","CVE-2019-8611","CVE-2019-8615","CVE-2019-8619","CVE-2019-8622","CVE-2019-8623","CVE-2019-8666","CVE-2019-8671","CVE-2019-8672","CVE-2019-8673","CVE-2019-8676","CVE-2019-8677","CVE-2019-8679","CVE-2019-8681","CVE-2019-8686","CVE-2019-8687","CVE-2019-8689","CVE-2019-8690","CVE-2019-8726","CVE-2019-8735","CVE-2019-8768"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2019:3553"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1662193"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1667136"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1673011"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1674382"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679127"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1680164"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1685811"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687949"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690506"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1696708"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1698520"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1698884"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1698923"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1698929"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1698930"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1704355"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1704360"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1704378"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1705583"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1706793"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1709937"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1713080"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1713330"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1713453"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1713685"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1715738"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1715761"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1715765"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1716295"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1716771"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1718133"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1719241"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1719279"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1719779"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720481"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1721195"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1721575"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1722047"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1722844"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1723467"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1723836"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1724551"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1725101"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1725107"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1725120"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1725555"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1725741"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1725766"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1725854"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1726093"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1726505"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1726656"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728277"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1731372"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735382"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737326"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1739116"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1739117"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741547"}],"affected":[{"package":{"name":"pidgin","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/pidgin?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.13.0-5.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:3553.json"}},{"package":{"name":"gdk-pixbuf2","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gdk-pixbuf2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.36.12-5.el8"}],"database_specific":{"yum_repository":"BaseOS"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:3553.json"}},{"package":{"name":"gnome-desktop3","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-desktop3?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.32.2-1.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:3553.json"}},{"package":{"name":"pango","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/pango?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.42.4-6.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:3553.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}