Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-12449

Published: 29 May 2019

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

Priority

Medium

CVSS 3 base score: 5.7

Status

Package Release Status
gvfs
Launchpad, Ubuntu, Debian
bionic
Released (1.36.1-0ubuntu1.3.3)
cosmic
Released (1.38.1-0ubuntu1.3.2)
disco
Released (1.40.1-1ubuntu0.1)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90
upstream: https://gitlab.gnome.org/GNOME/gvfs/commit/bed1e9685c9f65f6a3ff3b39dd8547db3e7e77f6 (3.30)
upstream: https://gitlab.gnome.org/GNOME/gvfs/commit/ec939a01c278d1aaa47153f51b5c5f0887738dd9 (3.32)