Unrated severityNVD Advisory· Published May 29, 2019· Updated Aug 4, 2024

CVE-2019-12450

Description

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

Affected products

GNOME/GLibdescription
osv-coords23 versions
pkg:rpm/opensuse/glib2&distro=openSUSE%20Leap%2015.0 pkg:rpm/suse/glib2&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4 pkg:rpm/suse/glib2&distro=SUSE%20OpenStack%20Cloud%207
< 2.54.3-lp150.3.10.1+ 22 more
- (no CPE)range: < 2.54.3-lp150.3.10.1
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.54.3-4.15.1
- (no CPE)range: < 2.54.3-4.15.1
- (no CPE)range: < 2.54.3-4.15.1
- (no CPE)range: < 2.22.5-0.8.39.1
- (no CPE)range: < 2.22.5-0.8.39.1
- (no CPE)range: < 2.38.2-7.9.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.38.2-7.9.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.48.2-12.12.2
- (no CPE)range: < 2.48.2-12.12.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2019:3530mitrevendor-advisoryx_refsource_REDHAT
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/mitrevendor-advisoryx_refsource_FEDORA
usn.ubuntu.com/4014-1/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/4014-2/mitrevendor-advisoryx_refsource_UBUNTU
gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174mitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2019/06/msg00013.htmlmitremailing-listx_refsource_MLIST
security.netapp.com/advisory/ntap-20190606-0003/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000