GNOME Shell Vulnerabilities Fixed in Ubuntu 16.04
Recently, Canonical released security updates addressing two vulnerabilities in GNOME Shell, the graphical shell of the GNOME desktop environment. These updates are specifically targeted at Ubuntu 16.04 ESM, the Expanded Security Maintenance offering for the Ubuntu 16.04 release. Although Ubuntu 16.04 has reached end-of-life (EOL), organizations relying on it still need to protect their systems.
This article will explore these vulnerabilities and discuss how TuxCare’s Extended Lifecycle Support (ELS) helps organizations to maintain secure and compliant environments while running end-of-life systems like Ubuntu 16.04 and Ubuntu 18.04.
Overview of GNOME Shell Vulnerabilities
The first vulnerability arises from how GNOME Shell mishandles extensions that fail to reload properly. When extensions stay enabled on the lock screen, an attacker could potentially exploit this issue to launch applications, view sensitive information, or execute arbitrary commands.
Another flaw was identified in the way GNOME Shell handles certain keyboard inputs. In this case, an attacker could exploit the issue to invoke keyboard shortcuts and perform other actions even while the workstation is locked.
Protecting Your Ubuntu 16.04 Workloads
To safeguard your system from these vulnerabilities, it is imperative to update the GNOME Shell installation to the latest available version. However, because Ubuntu 16.04 is already end-of-life, obtaining these security patches requires an Ubuntu Pro subscription for the ESM service.
TuxCare’s Extended Lifecycle Support (ELS) offers a more affordable solution for users of Ubuntu 16.04. This service provides up to five additional years of vendor-grade security patches, ensuring that your system remains protected against vulnerabilities like those found in GNOME Shell. TuxCare covers a wide range of critical packages, including GNOME Shell, Linux kernel, OpenSSL, glibc, Python, and many others.
TuxCare currently supports the following end-of-life Linux distributions:
- CentOS 6, CentOS 7, CentOS 8, and CentOS Stream 8
- Oracle Linux 6 and Oracle Linux 7
- Ubuntu 16.04 and Ubuntu 18.04
Source: USN-7052-1