{"id":"RLSA-2020:1766","summary":"Moderate: GNOME security, bug fix, and enhancement update","details":"GNOME is the default desktop environment of Rocky Linux.\n\nSecurity Fix(es):\n\n* LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (CVE-2018-20337)\n\n* gdm: lock screen bypass when timed login is enabled (CVE-2019-3825)\n\n* gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c (CVE-2019-12447)\n\n* gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write (CVE-2019-12448)\n\n* gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges (CVE-2019-12449)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.","modified":"2026-03-11T05:56:40.457864Z","published":"2020-04-28T09:13:23Z","upstream":["CVE-2018-20337","CVE-2019-12447","CVE-2019-12448","CVE-2019-12449","CVE-2019-3825"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2020:1766"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365717"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1656988"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658001"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661555"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666070"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668901"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671744"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672825"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1674535"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1684729"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687979"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690170"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1692299"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1710882"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1715890"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1716754"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1716761"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1716767"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1716774"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1719819"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720249"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720251"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1721124"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1721133"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1723462"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1723464"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1724302"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1725154"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728330"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728562"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728564"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728567"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1730612"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1730891"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1736742"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1742710"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1744452"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1744527"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1745147"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1747972"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1749372"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1750516"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1753520"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1759075"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1759525"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1759619"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1759913"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1760363"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1763207"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765448"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765632"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1766649"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1766695"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1768461"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1776530"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1777556"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1777911"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1778668"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1782425"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1782497"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1782517"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785233"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789474"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1793413"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1804123"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1809079"}],"affected":[{"package":{"name":"baobab","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/baobab?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.28.0-4.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:1766.json"}},{"package":{"name":"clutter","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/clutter?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.26.2-8.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:1766.json"}},{"package":{"name":"gnome-menus","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-menus?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.13.3-11.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:1766.json"}},{"package":{"name":"gnome-tweaks","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-tweaks?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.28.1-7.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:1766.json"}},{"package":{"name":"mozjs52","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/mozjs52?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:52.9.0-2.el8"}],"database_specific":{"yum_repository":"BaseOS"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:1766.json"}},{"package":{"name":"mozjs60","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/mozjs60?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:60.9.0-4.el8"}],"database_specific":{"yum_repository":"BaseOS"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:1766.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}