Package gvfs updated to version 1.42.0-alt1 for branch sisyphus in task 237956.

Published: 2019-05-29

BDU:2019-02514

Уязвимость компонента daemon/gvfsbackendadmin.c подсистемы GVFS среды рабочего стола GNOME операционных систем Linux, позволяющая нарушителю оказать воздействие на целостность, конфиденциальность и доступность защищаемой информации

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2019-12447

Published: 2019-05-29

BDU:2019-02515

Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2019-12448

Published: 2019-05-29

BDU:2019-02516

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2019-12449

Published: 2019-05-29
Modified: 2024-11-21

CVE-2019-12447

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

Severity: HIGH (7.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

References:

Published: 2019-05-29
Modified: 2024-11-21

CVE-2019-12448

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2019-05-29
Modified: 2024-11-21

CVE-2019-12449

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

Severity: MEDIUM (5.7) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

References:

Version: 2.1.0

Package gvfs update in sisyphus on 2019-09-25

ALT-PU-2019-2783-1

Closed vulnerabilities

BDU:2019-02514

BDU:2019-02515

BDU:2019-02516

CVE-2019-12447

CVE-2019-12448

CVE-2019-12449