GNOME Shell: Information disclosure — GLSA 202009-08

An information disclosure vulnerability in GNOME Shell might allow local attackers to obtain sensitive information.

Affected packages

gnome-base/gnome-shell on all architectures
Affected versions < 3.34.5-r1
Unaffected versions >= 3.34.5-r1

Background

GNOME Shell provides core user interface functions for the GNOME 3 desktop, like switching to windows and launching applications.

Description

It was discovered that GNOME Shell incorrectly handled the login screen password dialog.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All GNOME Shell users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=gnome-base/gnome-shell-3.34.5-r1"
 

References

Release date
September 13, 2020

Latest revision
September 13, 2020: 1

Severity
low

Exploitable
local

Bugzilla entries