{"id":"ALSA-2020:1766","summary":"Moderate: GNOME security, bug fix, and enhancement update","details":"GNOME is the default desktop environment of AlmaLinux.\n\nSecurity Fix(es):\n\n* LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (CVE-2018-20337)\n\n* gdm: lock screen bypass when timed login is enabled (CVE-2019-3825)\n\n* gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c (CVE-2019-12447)\n\n* gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write (CVE-2019-12448)\n\n* gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges (CVE-2019-12449)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-02-04T03:49:29.032573Z","published":"2020-04-28T09:13:23Z","related":["CVE-2018-20337","CVE-2019-12447","CVE-2019-12448","CVE-2019-12449","CVE-2019-3825"],"references":[{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2020-1766.html"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2018-20337"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-12447"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-12448"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-12449"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-3825"}],"affected":[{"package":{"name":"accountsservice-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/accountsservice-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.50-8.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"baobab","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/baobab"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.28.0-4.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"clutter","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/clutter"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.26.2-8.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"clutter-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/clutter-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.26.2-8.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"clutter-doc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/clutter-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.26.2-8.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"gjs-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/gjs-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.56.2-4.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"gnome-menus","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/gnome-menus"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.13.3-11.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"gnome-menus-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/gnome-menus-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.13.3-11.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"gnome-tweaks","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/gnome-tweaks"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.28.1-7.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"mozjs52","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/mozjs52"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.9.0-2.el8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"mozjs52","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/mozjs52"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.9.0-2.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"mozjs52-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/mozjs52-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.9.0-2.el8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"mozjs52-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/mozjs52-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.9.0-2.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"mozjs60","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/mozjs60"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.9.0-4.el8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"mozjs60","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/mozjs60"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.9.0-4.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"mozjs60-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/mozjs60-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.9.0-4.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"mozjs60-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/mozjs60-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.9.0-4.el8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"vala","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/vala"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.40.19-1.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}},{"package":{"name":"vala-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/vala-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.40.19-1.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1766.json"}}],"schema_version":"1.7.3"}