Upstream information

CVE-2010-4000 at MITRE

Description

gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.9
Vector AV:L/AC:M/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entry: 642827 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • gnome-shell >= 3.10.4-22.13
  • gnome-shell-browser-plugin >= 3.10.4-22.13
  • gnome-shell-calendar >= 3.10.4-22.13
  • gnome-shell-lang >= 3.10.4-22.13
Patchnames:
SUSE Linux Enterprise Desktop 12 GA gnome-shell
SUSE Linux Enterprise Desktop 12 SP1
  • gnome-shell >= 3.10.4-40.1
  • gnome-shell-browser-plugin >= 3.10.4-40.1
  • gnome-shell-calendar >= 3.10.4-40.1
  • gnome-shell-lang >= 3.10.4-40.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA gnome-shell
SUSE Linux Enterprise Desktop 12 SP2
  • gnome-shell >= 3.20.4-70.4
  • gnome-shell-browser-plugin >= 3.20.4-70.4
  • gnome-shell-calendar >= 3.20.4-70.4
  • gnome-shell-lang >= 3.20.4-70.4
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA gnome-shell
SUSE Linux Enterprise Desktop 12 SP3
  • gnome-shell >= 3.20.4-76.3
  • gnome-shell-browser-plugin >= 3.20.4-76.3
  • gnome-shell-calendar >= 3.20.4-76.3
  • gnome-shell-lang >= 3.20.4-76.3
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA gnome-shell
SUSE Linux Enterprise Module for Desktop Applications 15
  • gnome-shell >= 3.26.2+20180130.0d9c74212-2.43
  • gnome-shell-devel >= 3.26.2+20180130.0d9c74212-2.43
  • gnome-shell-lang >= 3.26.2+20180130.0d9c74212-2.43
Patchnames:
SUSE Linux Enterprise Module for Desktop Applications 15 GA gnome-shell
SUSE Linux Enterprise Server 12
  • gnome-shell >= 3.10.4-22.2
  • gnome-shell-browser-plugin >= 3.10.4-22.2
  • gnome-shell-lang >= 3.10.4-22.2
Patchnames:
SUSE Linux Enterprise Server 12 GA gnome-shell
SUSE Linux Enterprise Server 12 SP1
  • gnome-shell >= 3.10.4-40.1
  • gnome-shell-browser-plugin >= 3.10.4-40.1
  • gnome-shell-lang >= 3.10.4-40.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA gnome-shell
SUSE Linux Enterprise Server 12 SP2
  • gnome-shell >= 3.20.4-70.4
  • gnome-shell-browser-plugin >= 3.20.4-70.4
  • gnome-shell-lang >= 3.20.4-70.4
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA gnome-shell
SUSE Linux Enterprise Server 12 SP3
  • gnome-shell >= 3.20.4-76.3
  • gnome-shell-browser-plugin >= 3.20.4-76.3
  • gnome-shell-lang >= 3.20.4-76.3
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA gnome-shell
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • gnome-shell >= 3.20.4-70.4
  • gnome-shell-browser-plugin >= 3.20.4-70.4
  • gnome-shell-lang >= 3.20.4-70.4
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA gnome-shell
SUSE Linux Enterprise Software Development Kit 12
  • gnome-shell-devel >= 3.10.4-22.13
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA gnome-shell-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • gnome-shell-devel >= 3.10.4-40.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA gnome-shell-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • gnome-shell-devel >= 3.20.4-70.4
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA gnome-shell-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • gnome-shell-devel >= 3.20.4-76.3
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA gnome-shell-devel
SUSE Linux Enterprise Workstation Extension 12
  • gnome-shell-calendar >= 3.10.4-22.13
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA gnome-shell-calendar
SUSE Linux Enterprise Workstation Extension 12 SP1
  • gnome-shell-calendar >= 3.10.4-40.1
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA gnome-shell-calendar
SUSE Linux Enterprise Workstation Extension 12 SP2
  • gnome-shell-calendar >= 3.20.4-70.4
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA gnome-shell-calendar
SUSE Linux Enterprise Workstation Extension 12 SP3
  • gnome-shell-calendar >= 3.20.4-76.3
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP3 GA gnome-shell-calendar
SUSE Linux Enterprise Workstation Extension 15
  • gnome-shell-calendar >= 3.26.2+20180130.0d9c74212-2.43
Patchnames:
SUSE Linux Enterprise Workstation Extension 15 GA gnome-shell-calendar
openSUSE Leap 15.0
  • gnome-shell >= 3.26.2+20180130.0d9c74212-lp150.2.2
  • gnome-shell-calendar >= 3.26.2+20180130.0d9c74212-lp150.2.2
  • gnome-shell-lang >= 3.26.2+20180130.0d9c74212-lp150.2.2
Patchnames:
openSUSE Leap 15.0 GA gnome-shell
openSUSE Leap 42.1
  • gnome-shell >= 3.16.4-1.2
  • gnome-shell-browser-plugin >= 3.16.4-1.2
  • gnome-shell-calendar >= 3.16.4-1.2
  • gnome-shell-lang >= 3.16.4-1.2
Patchnames:
openSUSE Leap 42.1 GA gnome-shell
openSUSE Leap 42.2
  • gnome-shell >= 3.20.4-6.1
  • gnome-shell-browser-plugin >= 3.20.4-6.1
  • gnome-shell-calendar >= 3.20.4-6.1
  • gnome-shell-lang >= 3.20.4-6.1
Patchnames:
openSUSE Leap 42.2 GA gnome-shell
openSUSE Leap 42.3
  • gnome-shell >= 3.20.4-11.2
  • gnome-shell-browser-plugin >= 3.20.4-11.2
  • gnome-shell-calendar >= 3.20.4-11.2
  • gnome-shell-lang >= 3.20.4-11.2
Patchnames:
openSUSE Leap 42.3 GA gnome-shell
openSUSE Tumbleweed
  • gnome-shell >= 3.22.2-1.1
  • gnome-shell-browser-plugin >= 3.22.2-1.1
  • gnome-shell-calendar >= 3.22.2-1.1
  • gnome-shell-devel >= 3.22.2-1.1
  • gnome-shell-lang >= 3.22.2-1.1
Patchnames:
openSUSE Tumbleweed GA gnome-shell