An update for gnome-shell is now available for and openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1152 Final 1.0 1.0 2021-05-06 Initial 2021-05-06 2021-05-06 openEuler SA Tool V1.0 2021-05-06 gnome-shell security update An update for gnome-shell is now available for openEuler-20.03-LTS-SP1. The GNOME Shell redefines user interactions with the GNOME desktop. In particular, it offers new paradigms for launching applications, accessing documents, and organizing open windows in GNOME. Later, it will introduce a new applets eco-system and offer new solutions for other desktop features, such as notifications and contacts management. The GNOME Shell is intended to replace functions handled by the GNOME Panel and by the window manager in previous versions of GNOME. The GNOME Shell has rich visual effects enabled by new graphical technologies. Security Fix(es): An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)(CVE-2020-17489) An update for gnome-shell is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium gnome-shell https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1152 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-17489 https://nvd.nist.gov/vuln/detail/CVE-2020-17489 openEuler-20.03-LTS-SP1 gnome-shell-debuginfo-3.30.1-8.oe1.aarch64.rpm gnome-shell-debugsource-3.30.1-8.oe1.aarch64.rpm gnome-shell-3.30.1-8.oe1.aarch64.rpm gnome-shell-help-3.30.1-8.oe1.noarch.rpm gnome-shell-3.30.1-8.oe1.src.rpm gnome-shell-3.30.1-8.oe1.x86_64.rpm gnome-shell-debugsource-3.30.1-8.oe1.x86_64.rpm gnome-shell-debuginfo-3.30.1-8.oe1.x86_64.rpm An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) 2021-05-06 CVE-2020-17489 openEuler-20.03-LTS-SP1 Medium 4.3 AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N gnome-shell security update 2021-05-06 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1152