First published: Wed May 29 2019(Updated: )
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNOME gvfs | >=1.29.4<=1.41.2 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
ubuntu/gvfs | <1.36.1-0ubuntu1.3.3 | 1.36.1-0ubuntu1.3.3 |
ubuntu/gvfs | <1.38.1-0ubuntu1.3.2 | 1.38.1-0ubuntu1.3.2 |
ubuntu/gvfs | <1.40.1-1ubuntu0.1 | 1.40.1-1ubuntu0.1 |
debian/gvfs | 1.38.1-5 1.46.2-1 1.50.3-1 1.53.90-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2019-12447.
The severity of CVE-2019-12447 is high with a CVSS score of 7.3.
GNOME gvfs versions 1.29.4 through 1.41.2 are affected.
To fix CVE-2019-12447 on Ubuntu, update the gvfs package to versions 1.36.1-0ubuntu1.3.3, 1.38.1-0ubuntu1.3.2, or 1.40.1-1ubuntu0.1 depending on your Ubuntu version.
Yes, you can find references for CVE-2019-12447 at the following links: [http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html](http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html) and [http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html](http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html).