SCIENTIFIC-LINUX-ERRATA Archives

January 2018

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky <[log in to unmask]>
Date: Thu, 25 Jan 2018 15:33:07 -0000
Synopsis:          Moderate: nautilus security update
Advisory ID:       SLSA-2018:0223-1
Issue Date:        2018-01-25
CVE Numbers:       CVE-2017-14604
--

Security Fix(es):

* An untrusted .desktop file with executable permission set could choose
its displayed name and icon, and execute commands without warning when
opened by the user. An attacker could use this flaw to trick a user into
opening a .desktop file disguised as a document, such as a PDF, and
execute arbitrary commands. (CVE-2017-14604)

Note: This update will change the behavior of Nautilus. Nautilus will now
prompt the user for confirmation when executing an untrusted .desktop file
for the first time, and then add it to the trusted file list. Desktop
files stored in the system directory, as specified by the XDG_DATA_DIRS
environment variable, are always considered trusted and executed without
prompt.
--

SL7
  x86_64
    nautilus-3.22.3-4.el7_4.i686.rpm
    nautilus-3.22.3-4.el7_4.x86_64.rpm
    nautilus-debuginfo-3.22.3-4.el7_4.i686.rpm
    nautilus-debuginfo-3.22.3-4.el7_4.x86_64.rpm
    nautilus-extensions-3.22.3-4.el7_4.i686.rpm
    nautilus-extensions-3.22.3-4.el7_4.x86_64.rpm
    nautilus-devel-3.22.3-4.el7_4.i686.rpm
    nautilus-devel-3.22.3-4.el7_4.x86_64.rpm

- Scientific Linux Development Team
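
An audit sketch for the condition described in the Security Fix and Note sections, added here as an example and not part of the advisory or of Nautilus: it lists .desktop files that have executable permission set and live outside the XDG_DATA_DIRS system directories, and marks those whose displayed Name ends in a document extension. The function names, the DOC_EXTS list and the fallback XDG_DATA_DIRS value are assumptions of this example; it does not read Nautilus's trusted file list.

```python
import configparser
import os
import sys
from pathlib import Path

# Assumed list of document extensions a launcher's Name might imitate.
DOC_EXTS = (".pdf", ".doc", ".docx", ".odt", ".xls", ".xlsx", ".txt", ".jpg", ".png")

def system_dirs(env=None):
    """Directories from XDG_DATA_DIRS; the advisory says files there stay trusted."""
    env = os.environ if env is None else env
    raw = env.get("XDG_DATA_DIRS") or "/usr/local/share:/usr/share"
    return [Path(d).resolve() for d in raw.split(":") if d]

def parse_desktop(path):
    """Return the [Desktop Entry] keys as a dict, or None if the file is unparsable."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str  # keep key case as written
    try:
        cp.read(path, encoding="utf-8")
        return dict(cp["Desktop Entry"])
    except (configparser.Error, KeyError, UnicodeDecodeError):
        return None

def audit(root, env=None):
    """List executable .desktop launchers under root that are outside the system dirs."""
    trusted = system_dirs(env)
    findings = []
    for path in sorted(Path(root).rglob("*.desktop")):
        if not path.is_file() or not path.stat().st_mode & 0o111:
            continue  # the flaw concerns files with executable permission set
        if any(t in path.resolve().parents for t in trusted):
            continue  # system directory: executed without prompt by design
        entry = parse_desktop(path)
        if not entry or entry.get("Type", "Application") != "Application":
            continue
        name = entry.get("Name", "")
        findings.append({"path": str(path), "name": name,
                         "icon": entry.get("Icon", ""), "exec": entry.get("Exec", ""),
                         "doc_like": name.lower().endswith(DOC_EXTS)})
    return findings

if __name__ == "__main__":
    for f in audit(sys.argv[1] if len(sys.argv) > 1 else Path.home()):
        tag = "DOC-LIKE" if f["doc_like"] else "review"
        print(f'{tag}\t{f["path"]}\tName={f["name"]!r}\tExec={f["exec"]!r}')
```

Run it with a directory argument (the default is the home directory) and review each reported Exec line before opening the file.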
