Security update for nautilus SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:4393-1 Final 1 1 2022-12-09T10:01:24Z current 2022-12-09T10:01:24Z 2022-12-09T10:01:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nautilus This update for nautilus fixes the following issues: - CVE-2022-37290: Fixed a denial of service caused by pasted ZIP archives (bsc#1205418). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-4393,SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4393,openSUSE-SLE-15.3-2022-4393,openSUSE-SLE-15.4-2022-4393 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20224393-1/ Link for SUSE-SU-2022:4393-1 https://lists.suse.com/pipermail/sle-security-updates/2022-December/013210.html E-Mail link for SUSE-SU-2022:4393-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1205418 SUSE Bug 1205418 https://www.suse.com/security/cve/CVE-2022-37290/ SUSE CVE CVE-2022-37290 page SUSE Linux Enterprise Module for Desktop Applications 15 SP3 openSUSE Leap 15.3 openSUSE Leap 15.4 gnome-shell-search-provider-nautilus-3.34.3-150200.4.6.1 libnautilus-extension1-3.34.3-150200.4.6.1 libnautilus-extension1-32bit-3.34.3-150200.4.6.1 libnautilus-extension1-64bit-3.34.3-150200.4.6.1 nautilus-3.34.3-150200.4.6.1 nautilus-devel-3.34.3-150200.4.6.1 nautilus-lang-3.34.3-150200.4.6.1 typelib-1_0-Nautilus-3_0-3.34.3-150200.4.6.1 gnome-shell-search-provider-nautilus-3.34.3-150200.4.6.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 libnautilus-extension1-3.34.3-150200.4.6.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 nautilus-3.34.3-150200.4.6.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 nautilus-devel-3.34.3-150200.4.6.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 nautilus-lang-3.34.3-150200.4.6.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 typelib-1_0-Nautilus-3_0-3.34.3-150200.4.6.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 gnome-shell-search-provider-nautilus-3.34.3-150200.4.6.1 as a component of openSUSE Leap 15.3 libnautilus-extension1-3.34.3-150200.4.6.1 as a component of openSUSE Leap 15.3 libnautilus-extension1-32bit-3.34.3-150200.4.6.1 as a component of openSUSE Leap 15.3 nautilus-3.34.3-150200.4.6.1 as a component of openSUSE Leap 15.3 nautilus-devel-3.34.3-150200.4.6.1 as a component of openSUSE Leap 15.3 nautilus-lang-3.34.3-150200.4.6.1 as a component of openSUSE Leap 15.3 typelib-1_0-Nautilus-3_0-3.34.3-150200.4.6.1 as a component of openSUSE Leap 15.3 libnautilus-extension1-32bit-3.34.3-150200.4.6.1 as a component of openSUSE Leap 15.4 GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. CVE-2022-37290 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:gnome-shell-search-provider-nautilus-3.34.3-150200.4.6.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libnautilus-extension1-3.34.3-150200.4.6.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:nautilus-3.34.3-150200.4.6.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:nautilus-devel-3.34.3-150200.4.6.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:nautilus-lang-3.34.3-150200.4.6.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:typelib-1_0-Nautilus-3_0-3.34.3-150200.4.6.1 openSUSE Leap 15.3:gnome-shell-search-provider-nautilus-3.34.3-150200.4.6.1 openSUSE Leap 15.3:libnautilus-extension1-3.34.3-150200.4.6.1 openSUSE Leap 15.3:libnautilus-extension1-32bit-3.34.3-150200.4.6.1 openSUSE Leap 15.3:nautilus-3.34.3-150200.4.6.1 openSUSE Leap 15.3:nautilus-devel-3.34.3-150200.4.6.1 openSUSE Leap 15.3:nautilus-lang-3.34.3-150200.4.6.1 openSUSE Leap 15.3:typelib-1_0-Nautilus-3_0-3.34.3-150200.4.6.1 openSUSE Leap 15.4:libnautilus-extension1-32bit-3.34.3-150200.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224393-1/ https://www.suse.com/security/cve/CVE-2022-37290.html CVE-2022-37290 https://bugzilla.suse.com/1205418 SUSE Bug 1205418