Opened 5 years ago

Closed 5 years ago

#12214 closed enhancement (fixed)

Create patch to fix upstream gvfs issues

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: highest
Milestone: 9.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

As a result of the security update for Glib earlier this month, another set of security issues was found in gvfs. These allow for permission/access control bypass and file modification while transfer operations are in place.

I'm going to gen a patch with all of the commits except for translation updates since the release of gvfs-1.40.1.

https://gitlab.gnome.org/GNOME/gvfs/commits/gnome-3-32

Change History (3)

comment:1 by Douglas R. Reno, 5 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 5 years ago

Priority: normal → highest

CVE-2019-12795

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

https://nvd.nist.gov/vuln/detail/CVE-2019-12795

7.8 HIGH

CVE-2019-12447

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

9.8 CRITICAL

https://nvd.nist.gov/vuln/detail/CVE-2019-12447

CVE-2019-12448

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.

8.1 HIGH

https://nvd.nist.gov/vuln/detail/CVE-2019-12448/

CVE-2019-12449

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

9.8 CRITICAL

https://nvd.nist.gov/vuln/detail/CVE-2019-12449/

comment:3 by Douglas R. Reno, 5 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r21768
