rpm package
suse/gvfs&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP1
pkg:rpm/suse/gvfs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-12795 | — | < 1.34.2.1-4.13.1 | 1.34.2.1-4.13.1 | Jun 11, 2019 | daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that | ||
| CVE-2019-12449 | — | < 1.34.2.1-4.13.1 | 1.34.2.1-4.13.1 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. | ||
| CVE-2019-12448 | — | < 1.34.2.1-4.13.1 | 1.34.2.1-4.13.1 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. | ||
| CVE-2019-12447 | — | < 1.34.2.1-4.13.1 | 1.34.2.1-4.13.1 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. |
- CVE-2019-12795Jun 11, 2019affected < 1.34.2.1-4.13.1fixed 1.34.2.1-4.13.1
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that
- CVE-2019-12449May 29, 2019affected < 1.34.2.1-4.13.1fixed 1.34.2.1-4.13.1
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
- CVE-2019-12448May 29, 2019affected < 1.34.2.1-4.13.1fixed 1.34.2.1-4.13.1
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
- CVE-2019-12447May 29, 2019affected < 1.34.2.1-4.13.1fixed 1.34.2.1-4.13.1
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.