Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

GNOME desktop library: Security bypass — GLSA 201908-28

A vulnerability in the GNOME desktop library may allow attackers to escape the sandbox.

Affected packages

Package gnome-base/gnome-desktop on all architectures
Affected versions < 3.30.2.3
Unaffected versions >= 3.30.2.3

Background

Library with common API for various GNOME modules.

Description

A vulnerability was discovered in the GNOME desktop library which allows an attacker to escape the sandbox.

Impact

A local attacker could possibly bypass sandbox protection.

Workaround

There is no known workaround at this time.

Resolution

All GNOME desktop library users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=gnome-base/gnome-desktop-3.30.2.3"

References

Release date
August 31, 2019

Latest revision
August 31, 2019: 1

Severity
normal

Exploitable
local

Bugzilla entries