USN-4053-1
See a problem?- Source
- https://ubuntu.com/security/notices/USN-4053-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4053-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-4053-1
- Related
- Published
- 2019-07-09T11:29:22.867930Z
- Modified
- 2019-07-09T11:29:22.867930Z
- Summary
- gvfs vulnerabilities
- Details
-
It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-12447, CVE-2019-12448, CVE-2019-12449)
It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. (CVE-2019-12795)
- References
Affected packages
Ubuntu:16.04:LTS / gvfs
Package
- Name
- gvfs
- Purl
- pkg:deb/ubuntu/gvfs@1.28.2-1ubuntu1~16.04.3?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.28.2-1ubuntu1~16.04.3
Affected versions
1.*
1.24.2-0ubuntu4
1.24.2-0ubuntu5
1.24.2-0ubuntu6
1.26.2-1ubuntu1
1.27.3-1ubuntu1
1.27.4-1ubuntu1
1.27.90-1ubuntu1
1.27.92-1ubuntu1
1.28.1-1ubuntu1
1.28.2-1ubuntu1~16.04.1
1.28.2-1ubuntu1~16.04.2
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"gvfs-bin-dbgsym": "1.28.2-1ubuntu1~16.04.3",
"gvfs-common": "1.28.2-1ubuntu1~16.04.3",
"gvfs-dbgsym": "1.28.2-1ubuntu1~16.04.3",
"gvfs-fuse": "1.28.2-1ubuntu1~16.04.3",
"gvfs-libs-dbgsym": "1.28.2-1ubuntu1~16.04.3",
"gvfs-backends": "1.28.2-1ubuntu1~16.04.3",
"gvfs-daemons-dbgsym": "1.28.2-1ubuntu1~16.04.3",
"gvfs-bin": "1.28.2-1ubuntu1~16.04.3",
"gvfs-daemons": "1.28.2-1ubuntu1~16.04.3",
"gvfs-libs": "1.28.2-1ubuntu1~16.04.3",
"gvfs-fuse-dbgsym": "1.28.2-1ubuntu1~16.04.3",
"gvfs-backends-dbgsym": "1.28.2-1ubuntu1~16.04.3",
"gvfs": "1.28.2-1ubuntu1~16.04.3"
}
]
}
Ubuntu:18.04:LTS / gvfs
Package
- Name
- gvfs
- Purl
- pkg:deb/ubuntu/gvfs@1.36.1-0ubuntu1.3.3?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.36.1-0ubuntu1.3.3
Affected versions
1.*
1.34.1-1ubuntu1
1.34.1-1ubuntu3
1.34.1-1ubuntu4
1.34.1-2ubuntu2
1.35.91-1ubuntu1
1.35.91-1ubuntu2
1.36.0-1ubuntu1
1.36.1-0ubuntu1
1.36.1-0ubuntu1.1
1.36.1-0ubuntu1.2
1.36.1-0ubuntu1.3
1.36.1-0ubuntu1.3.2
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"gvfs-backends-dbgsym": "1.36.1-0ubuntu1.3.3",
"gvfs-common": "1.36.1-0ubuntu1.3.3",
"gvfs-fuse": "1.36.1-0ubuntu1.3.3",
"gvfs-libs-dbgsym": "1.36.1-0ubuntu1.3.3",
"gvfs-backends": "1.36.1-0ubuntu1.3.3",
"gvfs-daemons-dbgsym": "1.36.1-0ubuntu1.3.3",
"gvfs-bin": "1.36.1-0ubuntu1.3.3",
"gvfs-daemons": "1.36.1-0ubuntu1.3.3",
"gvfs-libs": "1.36.1-0ubuntu1.3.3",
"gvfs-fuse-dbgsym": "1.36.1-0ubuntu1.3.3",
"gvfs-dbgsym": "1.36.1-0ubuntu1.3.3",
"gvfs": "1.36.1-0ubuntu1.3.3"
}
]
}