- Vulnerability/
- USN-4053-1
USN-4053-1: GVfs vulnerabilities
First published: Tue Jul 09 2019(Updated: )
It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-12447, CVE-2019-12448, CVE-2019-12449) It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. (CVE-2019-12795)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/gvfs | <1.40.1-1ubuntu0.1 | 1.40.1-1ubuntu0.1 |
| =19.04 | ||
| All of | ||
| ubuntu/gvfs-backends | <1.40.1-1ubuntu0.1 | 1.40.1-1ubuntu0.1 |
| =19.04 | ||
| All of | ||
| ubuntu/gvfs | <1.38.1-0ubuntu1.3.2 | 1.38.1-0ubuntu1.3.2 |
| =18.10 | ||
| All of | ||
| ubuntu/gvfs-backends | <1.38.1-0ubuntu1.3.2 | 1.38.1-0ubuntu1.3.2 |
| =18.10 | ||
| All of | ||
| ubuntu/gvfs | <1.36.1-0ubuntu1.3.3 | 1.36.1-0ubuntu1.3.3 |
| =18.04 | ||
| All of | ||
| ubuntu/gvfs-backends | <1.36.1-0ubuntu1.3.3 | 1.36.1-0ubuntu1.3.3 |
| =18.04 | ||
| All of | ||
| ubuntu/gvfs | <1.28.2-1ubuntu1~16.04.3 | 1.28.2-1ubuntu1~16.04.3 |
| =16.04 | ||
| All of | ||
| ubuntu/gvfs-backends | <1.28.2-1ubuntu1~16.04.3 | 1.28.2-1ubuntu1~16.04.3 |
| =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-12447
- https://ubuntu.com/security/CVE-2019-12448
- https://ubuntu.com/security/CVE-2019-12449
- https://ubuntu.com/security/CVE-2019-12795
- https://launchpad.net/ubuntu/+source/gvfs/1.40.1-1ubuntu0.1
- https://launchpad.net/ubuntu/+source/gvfs/1.38.1-0ubuntu1.3.2
- https://launchpad.net/ubuntu/+source/gvfs/1.36.1-0ubuntu1.3.3
- https://launchpad.net/ubuntu/+source/gvfs/1.28.2-1ubuntu1~16.04.3
- https://ubuntu.com/security/notices/USN-4053-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-4053-1?
The severity of USN-4053-1 is high.
How does GVfs handle the admin backend?
GVfs incorrectly handles the admin backend.
Which versions of Ubuntu are affected by USN-4053-1?
USN-4053-1 affects Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04.
What is the remedy for USN-4053-1?
The remedy for USN-4053-1 is to update to version 1.40.1-1ubuntu0.1 for gvfs and gvfs-backends packages on affected Ubuntu versions.
Where can I find more information about USN-4053-1?
More information about USN-4053-1 can be found at the following references: [link1](https://ubuntu.com/security/CVE-2019-12447), [link2](https://ubuntu.com/security/CVE-2019-12448), [link3](https://ubuntu.com/security/CVE-2019-12449).
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/19.04
- version/ubuntu ubuntu/18.10
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04