CVE-2017-8288

Metadata

medium
6.8
gnome-shell
CVE-2017-8288
cve.mitre.org, bugs.kali.org, bugzilla.gnome.org, github.com
2017-04-26
2017-10-23 14:23
CVE-2017-8288 gnome-shell
2017-07-20 21:33
2017-06-21 20:03
2017-06-16 19:23
2017-05-10 23:52
2017-04-27 20:03

Description

gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
trusty gnome-shell None
xenial gnome-shell None

Unaffected

Release Package Reason
precise gnome-shell ignored
precise/esm gnome-shell DNE
vivid/stable-phone-overlay gnome-shell DNE
vivid/ubuntu-core gnome-shell DNE
yakkety gnome-shell ignored
zesty gnome-shell not-affected
artful gnome-shell not-affected
devel gnome-shell not-affected

Needs Triage

Release Package Reason
upstream gnome-shell needs-triage