Detections
Analytics
Fedora 40 : glib2 / gnome-shell (2024-635a54eb7e)
low Nessus Plugin ID 196888
Language:
Synopsis
The remote Fedora host is missing one or more security updates.Description
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-635a54eb7e advisory.- An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus- based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. (CVE-2024-34397)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected glib2 and / or gnome-shell packages.See Also
https://bodhi.fedoraproject.org/updates/FEDORA-2024-635a54eb7e
Plugin Details
Severity: Low
ID: 196888
File Name: fedora_2024-635a54eb7e.nasl
Version: 1.0
Type: local
Agent: unix
Family: Fedora Local Security Checks
Published: 5/12/2024
Updated: 5/12/2024
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.4
CVSS v2
Risk Factor: Low
Base Score: 1.7
Temporal Score: 1.3
Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:P/A:N
CVSS Score Source: CVE-2024-34397
CVSS v3
Risk Factor: Low
Base Score: 3.8
Temporal Score: 3.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:fedoraproject:fedora:40, p-cpe:/a:fedoraproject:fedora:glib2, p-cpe:/a:fedoraproject:fedora:gnome-shell
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 5/9/2024
Vulnerability Publication Date: 5/7/2024
Reference Information
CVE: CVE-2024-34397
FEDORA: 2024-635a54eb7e