{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"gnome-shell security update", "category":"general", "title":"Synopsis" }, { "text":"An update for gnome-shell is now available for openEuler-20.03-LTS-SP1.", "category":"general", "title":"Summary" }, { "text":"The GNOME Shell redefines user interactions with the GNOME desktop. In particular, it offers new paradigms for launching applications, accessing documents, and organizing open windows in GNOME. Later, it will introduce a new applets eco-system and offer new solutions for other desktop features, such as notifications and contacts management. The GNOME Shell is intended to replace functions handled by the GNOME Panel and by the window manager in previous versions of GNOME. The GNOME Shell has rich visual effects enabled by new graphical technologies.\n\nSecurity Fix(es):\n\nAn issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)(CVE-2020-17489)", "category":"general", "title":"Description" }, { "text":"An update for gnome-shell is now available for openEuler-20.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"gnome-shell", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2021-1152", "category":"self", "url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1152" }, { "summary":"CVE-2020-17489", "category":"self", "url":"https://openeuler.org/en/security/cve/detail?cveId=CVE-2020-17489&packageName=gnome-shell" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17489" }, { "summary":"openEuler-SA-2021-1152 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2021/csaf-openeuler-sa-2021-1152.json" } ], "title":"An update for gnome-shell is now available for and openEuler-20.03-LTS-SP1", "tracking":{ "initial_release_date":"2021-05-06T09:19:10+08:00", "revision_history":[ { "date":"2021-05-06T09:19:10+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-10-31T09:19:10+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-10-31T09:19:10+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-10-31T09:19:10+08:00", "id":"openEuler-SA-2021-1152", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"openEuler-20.03-LTS-SP1", "name":"openEuler-20.03-LTS-SP1" }, "name":"openEuler-20.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"gnome-shell-debuginfo-3.30.1-8.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"gnome-shell-debuginfo-3.30.1-8.oe1.aarch64.rpm" }, "name":"gnome-shell-debuginfo-3.30.1-8.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"gnome-shell-debugsource-3.30.1-8.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"gnome-shell-debugsource-3.30.1-8.oe1.aarch64.rpm" }, "name":"gnome-shell-debugsource-3.30.1-8.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"gnome-shell-3.30.1-8.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"gnome-shell-3.30.1-8.oe1.aarch64.rpm" }, "name":"gnome-shell-3.30.1-8.oe1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"gnome-shell-help-3.30.1-8.oe1.noarch.rpm(20.03-LTS-SP1)", "name":"gnome-shell-help-3.30.1-8.oe1.noarch.rpm" }, "name":"gnome-shell-help-3.30.1-8.oe1.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"gnome-shell-3.30.1-8.oe1.src.rpm(20.03-LTS-SP1)", "name":"gnome-shell-3.30.1-8.oe1.src.rpm" }, "name":"gnome-shell-3.30.1-8.oe1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"gnome-shell-3.30.1-8.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"gnome-shell-3.30.1-8.oe1.x86_64.rpm" }, "name":"gnome-shell-3.30.1-8.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"gnome-shell-debugsource-3.30.1-8.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"gnome-shell-debugsource-3.30.1-8.oe1.x86_64.rpm" }, "name":"gnome-shell-debugsource-3.30.1-8.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"gnome-shell-debuginfo-3.30.1-8.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"gnome-shell-debuginfo-3.30.1-8.oe1.x86_64.rpm" }, "name":"gnome-shell-debuginfo-3.30.1-8.oe1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"gnome-shell-debuginfo-3.30.1-8.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:gnome-shell-debuginfo-3.30.1-8.oe1.aarch64", "name":"gnome-shell-debuginfo-3.30.1-8.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"gnome-shell-debugsource-3.30.1-8.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:gnome-shell-debugsource-3.30.1-8.oe1.aarch64", "name":"gnome-shell-debugsource-3.30.1-8.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"gnome-shell-3.30.1-8.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:gnome-shell-3.30.1-8.oe1.aarch64", "name":"gnome-shell-3.30.1-8.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"gnome-shell-help-3.30.1-8.oe1.noarch.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:gnome-shell-help-3.30.1-8.oe1.noarch", "name":"gnome-shell-help-3.30.1-8.oe1.noarch as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"gnome-shell-3.30.1-8.oe1.src.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:gnome-shell-3.30.1-8.oe1.src", "name":"gnome-shell-3.30.1-8.oe1.src as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"gnome-shell-3.30.1-8.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:gnome-shell-3.30.1-8.oe1.x86_64", "name":"gnome-shell-3.30.1-8.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"gnome-shell-debugsource-3.30.1-8.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:gnome-shell-debugsource-3.30.1-8.oe1.x86_64", "name":"gnome-shell-debugsource-3.30.1-8.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"gnome-shell-debuginfo-3.30.1-8.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:gnome-shell-debuginfo-3.30.1-8.oe1.x86_64", "name":"gnome-shell-debuginfo-3.30.1-8.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2020-17489", "notes":[ { "text":"An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:gnome-shell-debuginfo-3.30.1-8.oe1.aarch64", "openEuler-20.03-LTS-SP1:gnome-shell-debugsource-3.30.1-8.oe1.aarch64", "openEuler-20.03-LTS-SP1:gnome-shell-3.30.1-8.oe1.aarch64", "openEuler-20.03-LTS-SP1:gnome-shell-help-3.30.1-8.oe1.noarch", "openEuler-20.03-LTS-SP1:gnome-shell-3.30.1-8.oe1.src", "openEuler-20.03-LTS-SP1:gnome-shell-3.30.1-8.oe1.x86_64", "openEuler-20.03-LTS-SP1:gnome-shell-debugsource-3.30.1-8.oe1.x86_64", "openEuler-20.03-LTS-SP1:gnome-shell-debuginfo-3.30.1-8.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:gnome-shell-debuginfo-3.30.1-8.oe1.aarch64", "openEuler-20.03-LTS-SP1:gnome-shell-debugsource-3.30.1-8.oe1.aarch64", "openEuler-20.03-LTS-SP1:gnome-shell-3.30.1-8.oe1.aarch64", "openEuler-20.03-LTS-SP1:gnome-shell-help-3.30.1-8.oe1.noarch", "openEuler-20.03-LTS-SP1:gnome-shell-3.30.1-8.oe1.src", "openEuler-20.03-LTS-SP1:gnome-shell-3.30.1-8.oe1.x86_64", "openEuler-20.03-LTS-SP1:gnome-shell-debugsource-3.30.1-8.oe1.x86_64", "openEuler-20.03-LTS-SP1:gnome-shell-debuginfo-3.30.1-8.oe1.x86_64" ], "details":"gnome-shell security update", "category":"vendor_fix", "url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1152" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.3, "vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:gnome-shell-debuginfo-3.30.1-8.oe1.aarch64", "openEuler-20.03-LTS-SP1:gnome-shell-debugsource-3.30.1-8.oe1.aarch64", "openEuler-20.03-LTS-SP1:gnome-shell-3.30.1-8.oe1.aarch64", "openEuler-20.03-LTS-SP1:gnome-shell-help-3.30.1-8.oe1.noarch", "openEuler-20.03-LTS-SP1:gnome-shell-3.30.1-8.oe1.src", "openEuler-20.03-LTS-SP1:gnome-shell-3.30.1-8.oe1.x86_64", "openEuler-20.03-LTS-SP1:gnome-shell-debugsource-3.30.1-8.oe1.x86_64", "openEuler-20.03-LTS-SP1:gnome-shell-debuginfo-3.30.1-8.oe1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2020-17489" } ] }