Synopsis:          Moderate: nautilus security update
Advisory ID:       SLSA-2018:0223-1
Issue Date:        2018-01-25
CVE Numbers:       CVE-2017-14604
--

Security Fix(es):

* An untrusted .desktop file with executable permission set could choose
its displayed name and icon, and execute commands without warning when
opened by the user. An attacker could use this flaw to trick a user into
opening a .desktop file disguised as a document, such as a PDF, and
execute arbitrary commands. (CVE-2017-14604)

Note: This update will change the behavior of Nautilus. Nautilus will now
prompt the user for confirmation when executing an untrusted .desktop file
for the first time, and then add it to the trusted file list. Desktop
files stored in the system directory, as specified by the XDG_DATA_DIRS
environment variable, are always considered trusted and executed without
prompt.
--

SL7
  x86_64
    nautilus-3.22.3-4.el7_4.i686.rpm
    nautilus-3.22.3-4.el7_4.x86_64.rpm
    nautilus-debuginfo-3.22.3-4.el7_4.i686.rpm
    nautilus-debuginfo-3.22.3-4.el7_4.x86_64.rpm
    nautilus-extensions-3.22.3-4.el7_4.i686.rpm
    nautilus-extensions-3.22.3-4.el7_4.x86_64.rpm
    nautilus-devel-3.22.3-4.el7_4.i686.rpm
    nautilus-devel-3.22.3-4.el7_4.x86_64.rpm

- Scientific Linux Development Team