gnome-desktop-lang-40.4-1.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10796 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gnome-desktop-lang-40.4-1.3 on GA media These are all security issues fixed in the gnome-desktop-lang-40.4-1.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10796 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10796 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2019-11460/ SUSE CVE CVE-2019-11460 page openSUSE Tumbleweed gnome-desktop-lang-40.4-1.3 gnome-version-40.4-1.3 libgnome-desktop-3-19-40.4-1.3 libgnome-desktop-3-devel-40.4-1.3 libgnome-desktop-3_0-common-40.4-1.3 typelib-1_0-GnomeDesktop-3_0-40.4-1.3 gnome-desktop-lang-40.4-1.3 as a component of openSUSE Tumbleweed gnome-version-40.4-1.3 as a component of openSUSE Tumbleweed libgnome-desktop-3-19-40.4-1.3 as a component of openSUSE Tumbleweed libgnome-desktop-3-devel-40.4-1.3 as a component of openSUSE Tumbleweed libgnome-desktop-3_0-common-40.4-1.3 as a component of openSUSE Tumbleweed typelib-1_0-GnomeDesktop-3_0-40.4-1.3 as a component of openSUSE Tumbleweed An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063. CVE-2019-11460 openSUSE Tumbleweed:gnome-desktop-lang-40.4-1.3 openSUSE Tumbleweed:gnome-version-40.4-1.3 openSUSE Tumbleweed:libgnome-desktop-3-19-40.4-1.3 openSUSE Tumbleweed:libgnome-desktop-3-devel-40.4-1.3 openSUSE Tumbleweed:libgnome-desktop-3_0-common-40.4-1.3 openSUSE Tumbleweed:typelib-1_0-GnomeDesktop-3_0-40.4-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11460.html CVE-2019-11460 https://bugzilla.suse.com/1133043 SUSE Bug 1133043