AVG-1007 log
| Package | gvfs |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 1.40.1-1 |
| Fixed | 1.40.2-1 |
| Current | 1.54.0-2 [extra] |
| Ticket | None |
| Created | Wed Jul 17 12:52:36 2019 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-12795 | Medium | No | Authentication bypass | daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without... |
| CVE-2019-12449 | Medium | No | Privilege escalation | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy... |
| CVE-2019-12448 | Medium | No | Privilege escalation | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement... |
| CVE-2019-12447 | Medium | No | Privilege escalation | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. |