Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3163
gnome-shell security update
16 September 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: gnome-shell
Publisher: Debian
Operating System: Debian GNU/Linux 9
Impact/Access: Access Confidential Data -- Console/Physical
Resolution: Patch/Upgrade
CVE Names: CVE-2020-17489
Reference: ESB-2020.2843
Original Bulletin:
https://www.debian.org/lts/security/2020/dla-2374
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2374-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
September 15, 2020 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : gnome-shell
Version : 3.22.3-3+deb9u1
CVE ID : CVE-2020-17489
Debian Bug : #968311
It was discovered that there was an issue around revealing passwords
in the "gnome-shell" component of the GNOME desktop.
In certain configurations, when logging out of an account the
password box from the login dialog could reappear with the password
visible in cleartext.
For Debian 9 "Stretch", this problem has been fixed in version
3.22.3-3+deb9u1.
We recommend that you upgrade your gnome-shell packages.
For the detailed security status of gnome-shell please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gnome-shell
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl9goxQACgkQHpU+J9Qx
HlgcEA/9EGCFy/+n+EwXrJo5Ai+UFuseHIAd9CaqPCoSrkZXL7AZDA5mDiqDJ9C4
qrCu/MJm78+9GX1i4XY7BQk28Ze9dbREuDxKKNx8GmBt8A67uX878nwYY/olu/Sf
u/rlXW1AiMeQR6wn8qIycNNnyses8AjCKmRTgrFoWpSBMfPntzWcM/T+UgQKE8Ja
RIyXn9EnWPXCnzVVWN+8pLXLwk6XVHsBN9CJbNJ8b2m0/DLWHwBHwrKeQJGdNDOj
6A+0dK5iSzjR1PWJ49xS3S/lY0Iyb3kVNuXCqLBDAKqWaiAvxysu0f5TsJEMKaKo
idSKDx8mZXJV6YIyuQobrs10xIBTnaLTkyfoCcsD8drbBHnqTS0j7hIDZT0TJlWF
KAru+bjbxIdBEFxPXRzE+qPNO8sMyvjro9B2iN3ItpIsyP/ARTydhNatvZ0Z9Yrx
SUFRKU4Je61/ovMm0ysSPyqPqw5pi2af11Gi3gvFlPGiOX1wSnRH8rRjS9e+XSUl
U9fvODaA1vDZzHrJhUey0rQCuSXUHqnBOl7bBybF1+tAqP8r7jgFsuWFRwpRq/jZ
Zt+KrlUPK25s6CBsr5IAUSQiRGaeKYcFv6AXI6dNRlJaTRK6Lc9AgGtNyYr+gGCr
jcXp1NX4SBkx8HuvGsFINxhE9xDeA5mpwDkl6knzDnNI+RJqh+M=
=AxhS
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX2E8o+NLKJtyKPYoAQjkYQ/9HH/OqcjyEm1FhitiEXHEMgyi58/1D8Cu
i/o0qZ71cG8FAr0tNjaY7q2KkPXz3+q2r5Pwfb8Ga7OQf4j2gNUjrBU5kfDCruQe
Xm8flLSs/oUso9kT/sdo58omznF85wF2qU8XGqkCX7LBgNDLSOuEZoOon3Aj3i1h
s4rgDakAR5rqDCNXtr9dG3k+pYdiyqC6M7KlBFusVnDTSmJfZ1Czr/+HRxmXDlnF
L94dsIRtWQT55Z2uhOuxWe78P/IaBLMNyPp6uYGN2tvv+4Dly42/KZmr8ao7Ek0k
dTVtj4nng3OqLIz4n/xx6Ao8r/UcMs1pF0myGDUIFAbaq2Xlp68AOa5Ua4/RE3xC
iCRJk59Ms5dY30o1sxxZezsAT37zOM1rJxVUEQ+jQZk0p97t6JFHLr7X4b3J2fIL
6ECNjTfe72x+pVMRYx3pyH4/hFYX3b40B1aWNuLHej0Nm6KeEBaT/0sglq9Jzy+i
DmNSenokLk9IogSgYl0d86iiIgQ5+yBdLFP/3nLtuCRidHgqyVkHkX9X7lCqCPJz
72D6mMtHLEvQlJEdoTtQrMZkRNa48oYny+5f+wmrK6HFKtVtSoh1HDEYpwYTWjF8
jdEeirjbw6n0n75z3NTd6iK2GMAnxndtsGQhktOxxmdgNISGz6hSVP/rw0Ke6B9C
J7CKPvcprHY=
=jz3h
-----END PGP SIGNATURE-----