Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-12448

Published: 29 May 2019

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
gvfs
Launchpad, Ubuntu, Debian
bionic
Released (1.36.1-0ubuntu1.3.3)
cosmic
Released (1.38.1-0ubuntu1.3.2)
disco
Released (1.40.1-1ubuntu0.1)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e
upstream: https://gitlab.gnome.org/GNOME/gvfs/commit/a1c2e7ecab0d6457fa2227d92e3569c08516eac5 (3.30)
upstream: https://gitlab.gnome.org/GNOME/gvfs/commit/464bbc7e4e7fdfc3cb426557562038408b6108c5 (3.32)