CVE-2019-13012
First published: Fri Jun 28 2019(Updated: )
GNOME GLib could allow a local attacker to bypass security restrictions, caused by improper permission control in the keyfile settings backend. An attacker could exploit this vulnerability to bypass access restrictions.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME GLib | >=2.0.0<2.59.1 | |
| IBM Security Verify Access | <=10.0.0 | |
| ubuntu/glib2.0 | <2.56.4-0ubuntu0.18.04.4 | 2.56.4-0ubuntu0.18.04.4 |
| ubuntu/glib2.0 | <2.58.1-2ubuntu0.2 | 2.58.1-2ubuntu0.2 |
| ubuntu/glib2.0 | <2.40.2-0ubuntu1.1+ | 2.40.2-0ubuntu1.1+ |
| ubuntu/glib2.0 | <2.59.1 | 2.59.1 |
| ubuntu/glib2.0 | <2.48.2-0ubuntu4.4 | 2.48.2-0ubuntu4.4 |
| debian/glib2.0 | 2.66.8-1+deb11u4 2.66.8-1+deb11u3 2.74.6-2+deb12u3 2.74.6-2+deb12u2 2.82.0-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12
- https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429
- https://gitlab.gnome.org/GNOME/glib/issues/1658
- https://gitlab.gnome.org/GNOME/glib/merge_requests/450
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html
- https://security.netapp.com/advisory/ntap-20190806-0003/
- https://usn.ubuntu.com/4049-1/
- https://usn.ubuntu.com/4049-2/
- https://security-tracker.debian.org/tracker/CVE-2019-13012
- https://security-tracker.debian.org/tracker/CVE-2019-12450
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012
- https://codesearch.debian.net/search?q=g_keyfile_settings_backend_new&perpkg=1
- https://security-tracker.debian.org/tracker/CVE-2018-16429
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234
- https://launchpad.net/bugs/cve/CVE-2019-13012
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://exchange.xforce.ibmcloud.com/vulnerabilities/166666
- https://www.ibm.com/support/pages/node/6538418 (Advisory)
- https://ubuntu.com/security/notices/USN-4049-1
- https://ubuntu.com/security/notices/USN-4049-2
- https://ubuntu.com/security/notices/USN-4049-3
- https://ubuntu.com/security/notices/USN-4049-4
- https://www.cve.org/CVERecord?id=CVE-2019-13012
- https://nvd.nist.gov/vuln/detail/CVE-2019-13012
- https://gitlab.gnome.org/GNOME/glib/commit/54317c9118bfffa4e9390945f88e63addc1cb69c
- https://ubuntu.com/security/CVE-2019-13012
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2019-13012?
CVE-2019-13012 is a vulnerability in the GNOME GLib library that allows a local attacker to bypass security restrictions caused by improper permissions.
Which software is affected by CVE-2019-13012?
The affected software includes gnome/glib2.0 package versions 2.58.3-2+deb10u3, 2.58.3-2+deb10u5, 2.66.8-1, 2.74.6-2, and 2.78.0-2 from Debian, glib2.0 package version 2.56.4-0ubuntu0.18.04.4 from Ubuntu Bionic, glib2.0 package version 2.58.1-2ubuntu0.2 from Ubuntu Cosmic, glib2.0 package version 2.40.2-0ubuntu1.1+ from Ubuntu Trusty, glib2.0 package version 2.59.1 from Ubuntu upstream, and glib2.0 package version 2.48.2-0ubuntu4.4 from Ubuntu Xenial.
What is the severity of CVE-2019-13012?
CVE-2019-13012 has a severity rating of 7.5 (High).
How can I fix CVE-2019-13012?
To fix CVE-2019-13012, update the affected software to the respective patched versions: glib2.0 package versions 2.60.0 or later for Debian, glib2.0 package version 2.56.4-0ubuntu0.18.04.5 for Ubuntu Bionic, glib2.0 package version 2.58.1-2ubuntu0.3 for Ubuntu Cosmic, glib2.0 package version 2.40.2-0ubuntu1.2 for Ubuntu Trusty, glib2.0 package versions 2.59.2 or later for Ubuntu upstream, and glib2.0 package version 2.48.2-0ubuntu4.5 for Ubuntu Xenial.
Where can I find more information about CVE-2019-13012?
You can find more information about CVE-2019-13012 on the following references: [link1](https://gitlab.gnome.org/GNOME/glib/issues/1658), [link2](https://security-tracker.debian.org/tracker/CVE-2019-13012), [link3](https://security-tracker.debian.org/tracker/CVE-2019-12450).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/debian-bugs
- source/Debian
- alias/CVE-2019-13012
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/author
- agent/weakness
- agent/severity
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/event
- collector/usn-cve
- source/Ubuntu
- agent/tags
- collector/security-tracker-debian
- agent/softwarecombine
- agent/trending
- vendor/gnome
- canonical/gnome glib
- version/gnome glib/2.0.0
- vendor/ibm
- canonical/ibm security verify access
- version/ibm security verify access/10.0.0
- package-manager/ubuntu
- package-manager/debian