AVG-1007 log

Package gvfs
Status Fixed
Severity Medium
Type multiple issues
Affected 1.40.1-1
Fixed 1.40.2-1
Current 1.56.1-1 [extra]
Ticket None
Created Wed Jul 17 12:52:36 2019
Issue Severity Remote Type Description
CVE-2019-12795 Medium No Authentication bypass
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without...
CVE-2019-12449 Medium No Privilege escalation
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy...
CVE-2019-12448 Medium No Privilege escalation
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement...
CVE-2019-12447 Medium No Privilege escalation
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.