Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#12084 closed enhancement (fixed)

glib-2.60.4 (CVE-2019-12450)

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: highest Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:


New point version.

Change History (7)

comment:1 by Bruce Dubbs, 5 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 5 years ago

Overview of changes in GLib 2.60.3

  • Various fixes to small key/value support in GHashTable
  • Bugs fixed:
    • #1747 Critical in g_socket_client_async_connect_complete
    • #1749 New GHashTable implementation confuses valgrind
    • #1759 test_month_names: assertion failed
    • #1771 GNetworkAddressAddressEnumerator unsafely modifies cache in GNetworkAddress
    • #1774 Leaks in gsocketclient.c connection code
    • #1776 glib/date test fails
    • #1780 GDB pretty-printer for GHashTable no longer works
    • !815 Merge branch 'wip/tingping/socketclient-cancel-2' into 'master'
    • !816 Backport !814 “gschema.dtd: Add target attribute to alias” to glib-2-60
    • !826 Backport !824 “gsocketclient: Fix a leak in the connection code” to glib-2-60
    • !829 Backport !828 “build: Fix a typo in the test whether _NL_ABALTMON_n is supported” to glib-2-60
    • !834 Backport !823 "gnetworkaddress: Fix parallel enumerations interfering with eachother" to glib-2-60
    • !838 Backport !835 “Fix typo in German translation” to glib-2-60
    • !841 Backport !839 “tests: Update month name check for Greek locale” to glib-2-60
    • !844 Backport !840 “ghash: Disable small-arrays under valgrind” to glib-2-60
    • !846 Backport !845 “Fixing g_format_size_full() on Windows-x64” to glib-2-60
    • !855 Backport !848 (more GHashTable fixes) to glib-2-60
    • !858 Backport !852 “Update gdb pretty-printer for GHashTable” to glib-2-60
  • Translation updates

comment:3 by Douglas R. Reno, 5 years ago

Priority: normalhighest
Summary: glib-2.60.3glib-2.60.4 (CVE-2019-12450)

Heads up, this was just upgraded to 2.60.4


* Fixes to improved network status detection with NetworkManager (#1788)

* Leak fixes to some `glib-genmarshal` generated code (#1793)

* Further fixes to the Happy Eyeballs (RFC 8305) implementation (!865)

* File system permissions fix to clamp down permissions in a small time window
  when copying files (CVE-2019-12450, !876)

* Bugs fixed:
 - #1755 Please revert #535 gmacros: Try to use the standard __func__ first in G_STRFUNC
 - #1788 GNetworkMonitor claims I am offline
 - #1792 glib-genmarshal generated valist marshal does not respect static scope for some types
 - #1793 glib-genmarshal generates wrong code for va marshaler for VARIANT type
 - #1795 Fix mingw32 CI on older branches
 - !865 gnetworkaddress: fix "happy eyeballs" logic
 - !878 Backport !876 “gfile: Limit access to files when copying” to glib-2-60

From the United States National Vulnerability Database:

Current Description

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

Source:  MITRE
Description Last Modified:  05/29/2019
View Analysis Description
CVSS v3.0 Severity and Metrics:

Base Score: 9.8 CRITICAL
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (V3 legend)
Impact Score: 5.9
Exploitability Score: 3.9

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2.0 Severity and Metrics:

Base Score: 7.5 HIGH
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) (V2 legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0

Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial

Additional Information:
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service

Under CVSSv3, it's marked as 9.8 CRITICAL. That's out of 10.

As a result, I'm promoting this to Highest priority.

comment:4 by Douglas R. Reno, 5 years ago

Owner: changed from Bruce Dubbs to Douglas R. Reno
Status: assignednew

comment:5 by Douglas R. Reno, 5 years ago

Status: newassigned

comment:6 by Douglas R. Reno, 5 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r21674

comment:7 by Bruce Dubbs, 5 years ago

Milestone: 8.59.0

Milestone renamed

Note: See TracTickets for help on using tickets.