
Security vulnerabilities in the gvfs software package

==========================================================================
Ubuntu Security Notice USN-4053-1
July 09, 2019

gvfs vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in GVfs.

Software Description:
– gvfs: Userspace virtual filesystem

Details:

It was discovered that GVfs incorrectly handled the admin backend. Files
created or moved by the admin backend could end up with the wrong ownership
information, contrary to expectations. This issue only affected Ubuntu
18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-12447, CVE-2019-12448,
CVE-2019-12449)

It was discovered that GVfs incorrectly handled authentication on its
private D-Bus socket. A local attacker could possibly connect to this
socket and issue D-Bus calls. (CVE-2019-12795)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
gvfs 1.40.1-1ubuntu0.1
gvfs-backends 1.40.1-1ubuntu0.1

Ubuntu 18.10:
gvfs 1.38.1-0ubuntu1.3.2
gvfs-backends 1.38.1-0ubuntu1.3.2

Ubuntu 18.04 LTS:
gvfs 1.36.1-0ubuntu1.3.3
gvfs-backends 1.36.1-0ubuntu1.3.3

Ubuntu 16.04 LTS:
gvfs 1.28.2-1ubuntu1~16.04.3
gvfs-backends 1.28.2-1ubuntu1~16.04.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4053-1
CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-12795

Package Information:
https://launchpad.net/ubuntu/+source/gvfs/1.40.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/gvfs/1.38.1-0ubuntu1.3.2
https://launchpad.net/ubuntu/+source/gvfs/1.36.1-0ubuntu1.3.3
https://launchpad.net/ubuntu/+source/gvfs/1.28.2-1ubuntu1~16.04.3

