Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2024-36472

Published: 28 May 2024

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.

Notes

AuthorNote
mdeslaur
as of 2024-06-03, there is no upstream fix for this issue

Priority

Medium

Status

Package Release Status
gnome-shell
Launchpad, Ubuntu, Debian
bionic Deferred
(2024-06-03)
focal Deferred
(2024-06-03)
jammy Deferred
(2024-06-03)
mantic Deferred
(2024-06-03)
noble Deferred
(2024-06-03)
upstream Needs triage

xenial Deferred
(2024-06-03)