CVE-2019-13012

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using gfilemakedirectorywithparents (kfsb->dir, NULL, NULL) and files using gfilereplacecontents (kfsb->file, contents, length, NULL, FALSE, GFILECREATEREPLACEDESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.

References

Affected packages

Git / gitlab.gnome.org/GNOME/glib

Affected ranges

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/glib
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5e4da714f00f6bfb2ccd6d73d61329c6f3a08429

Affected versions

2.*

2.20.0

2.20.1

2.21.1

2.21.2

2.21.3

2.21.4

2.21.5

2.21.6

2.22.0

2.22.2

2.23.0

2.23.1

2.23.2

2.23.3

2.23.4

2.23.5

2.23.6

2.24.0

2.25.0

2.25.10

2.25.11

2.25.12

2.25.13

2.25.14

2.25.15

2.25.2

2.25.3

2.25.4

2.25.5

2.25.6

2.25.8

2.25.9

2.27.0

2.27.1

2.27.2

2.27.3

2.27.5

2.27.90

2.27.91

2.27.92

2.27.93

2.28.0

2.29.10

2.29.12

2.29.14

2.29.16

2.29.18

2.29.2

2.29.4

2.29.6

2.29.8

2.29.90

2.31.0

2.31.10

2.31.12

2.31.14

2.31.16

2.31.18

2.31.2

2.31.20

2.31.22

2.31.4

2.31.6

2.31.8

2.32.0

2.32.1

2.33.1

2.33.10

2.33.12

2.33.14

2.33.2

2.33.3

2.33.4

2.33.6

2.33.8

2.34.0

2.35.1

2.35.2

2.35.3

2.35.4

2.35.6

2.35.7

2.35.8

2.35.9

2.36.0

2.37.0

2.37.1

2.37.2

2.37.3

2.37.4

2.37.5

2.37.6

2.37.7

2.37.92

2.37.93

2.38.0

2.39.0

2.39.1

2.39.2

2.39.3

2.39.4

2.39.90

2.39.91

2.39.92

2.41.1

2.41.2

2.41.3

2.41.4

2.41.5

2.42.0

2.43.0

2.43.1

2.43.2

2.43.3

2.43.4

2.43.90

2.43.91

2.43.92

2.45.1

2.45.2

2.45.3

2.45.4

2.45.5

2.45.6

2.45.7

2.45.8

2.46.0

2.47.1

2.47.2

2.47.3

2.47.4

2.47.5

2.47.6

2.47.92

2.48.0

2.49.1

2.49.2

2.49.3

2.49.4

2.49.5

2.49.6

2.49.7

2.50.0

2.50.1

2.51.0

2.51.1

2.51.2

2.51.3

2.51.4

2.51.5

2.52.0

2.53.1

2.53.2

2.53.3

2.53.4

2.53.5

2.53.6

2.53.7

2.54.0

2.55.0

2.55.1

2.56.0

2.57.1

2.57.2

2.57.3

2.58.0

2.59.0

2.59.1

2.59.2

2.59.3

Other

FOR_GNOME_0_99_1

GLIB_1_1_0

GLIB_1_1_1

GLIB_1_1_10

GLIB_1_1_11

GLIB_1_1_12

GLIB_1_1_13

GLIB_1_1_14

GLIB_1_1_15

GLIB_1_1_16

GLIB_1_1_2

GLIB_1_1_3

GLIB_1_1_3a

GLIB_1_1_4

GLIB_1_1_5

GLIB_1_1_6

GLIB_1_1_7

GLIB_1_1_8

GLIB_1_1_8a

GLIB_1_1_9

GLIB_1_2_0

GLIB_1_2_9PRE1

GLIB_1_3_0

GLIB_1_3_1

GLIB_1_3_10

GLIB_1_3_11

GLIB_1_3_12

GLIB_1_3_13

GLIB_1_3_14

GLIB_1_3_15

GLIB_1_3_2

GLIB_1_3_3

GLIB_1_3_4

GLIB_1_3_5

GLIB_1_3_6

GLIB_1_3_7

GLIB_1_3_8

GLIB_1_3_9

GLIB_2_0_0

GLIB_2_0_0_RC1

GLIB_2_0_1

GLIB_2_10_0

GLIB_2_10_1

GLIB_2_11_0

GLIB_2_11_1

GLIB_2_11_2

GLIB_2_11_3

GLIB_2_11_4

GLIB_2_12_0

GLIB_2_12_1

GLIB_2_12_2

GLIB_2_13_0

GLIB_2_13_1

GLIB_2_13_2

GLIB_2_13_3

GLIB_2_13_5

GLIB_2_13_6

GLIB_2_13_7

GLIB_2_14_0

GLIB_2_14_1

GLIB_2_14_2

GLIB_2_14_3

GLIB_2_15_1

GLIB_2_15_2

GLIB_2_15_3

GLIB_2_15_4

GLIB_2_15_5

GLIB_2_15_6

GLIB_2_16_1

GLIB_2_17_0

GLIB_2_17_1

GLIB_2_17_2

GLIB_2_17_3

GLIB_2_17_4

GLIB_2_17_5

GLIB_2_17_6

GLIB_2_17_7

GLIB_2_18_0

GLIB_2_18_1

GLIB_2_19_0

GLIB_2_19_1

GLIB_2_19_10

GLIB_2_19_2

GLIB_2_19_3

GLIB_2_19_4

GLIB_2_19_5

GLIB_2_19_6

GLIB_2_19_7

GLIB_2_19_8

GLIB_2_19_9

GLIB_2_1_3

GLIB_2_1_4

GLIB_2_1_5

GLIB_2_20_0

GLIB_2_2_0

GLIB_2_3_0

GLIB_2_3_1

GLIB_2_3_2

GLIB_2_3_3

GLIB_2_3_5

GLIB_2_3_6

GLIB_2_4_0

GLIB_2_4_1

GLIB_2_5_0

GLIB_2_5_1

GLIB_2_5_2

GLIB_2_5_3

GLIB_2_5_5

GLIB_2_5_6

GLIB_2_6_0

GLIB_2_6_1

GLIB_2_7_0

GLIB_2_7_1

GLIB_2_7_2

GLIB_2_7_3

GLIB_2_7_4

GLIB_2_7_5

GLIB_2_7_6

GLIB_2_7_7

GLIB_2_8_0

GLIB_2_8_1

GLIB_2_9_0

GLIB_2_9_1

GLIB_2_9_2

GLIB_2_9_3

GLIB_2_9_4

GLIB_2_9_5

GLIB_2_9_6

GLIB_GNOME_0_99_1

GLIB_VERSION_1_1_3

GNOME_PRINT_0_24

GOBJECT_GType_guint

GTK_2_5_4

GTK_2_7_4

GTK_ALL_1_3_6

PRE_CLEANUP

R_2_0_core

glib-2-0-branchpoint

glib-2-10-branchpoint

glib-2-12-branchpoint

glib-2-2-branchpoint

glib-2-4-branchpoint

glib-2-6-branchpoint

gobject_0_10_0

gobject_0_9_0

start

glib-2.*

glib-2.25.7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2019-13012-20d86715",
        "source": "https://gitlab.gnome.org/GNOME/glib@5e4da714f00f6bfb2ccd6d73d61329c6f3a08429",
        "digest": {
            "length": 297.0,
            "function_hash": "206605126152140042186476457105825432619"
        },
        "target": {
            "file": "gio/gkeyfilesettingsbackend.c",
            "function": "g_keyfile_settings_backend_keyfile_write"
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2019-13012-e5ed4a77",
        "source": "https://gitlab.gnome.org/GNOME/glib@5e4da714f00f6bfb2ccd6d73d61329c6f3a08429",
        "digest": {
            "length": 917.0,
            "function_hash": "35504247401058893049625118715721596264"
        },
        "target": {
            "file": "gio/gkeyfilesettingsbackend.c",
            "function": "g_keyfile_settings_backend_constructed"
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2019-13012-e6c09a32",
        "source": "https://gitlab.gnome.org/GNOME/glib@5e4da714f00f6bfb2ccd6d73d61329c6f3a08429",
        "digest": {
            "line_hashes": [
                "52113572213279302410160458986699814866",
                "224404247974226898390717468373307870903",
                "142114796797454760707182356979768609955",
                "154898358861433275861779533176990407539",
                "75167872904641019238416415385927650658",
                "215833425520010456987160222434244676289",
                "36439815861384971731409604690581811993",
                "226039682951575096948201118831603433131"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "gio/gkeyfilesettingsbackend.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line"
    }
]

Git / github.com/gnome/glib