AVG-1007 log
Package | gvfs |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 1.40.1-1 |
Fixed | 1.40.2-1 |
Current | 1.56.1-1 [extra] |
Ticket | None |
Created | Wed Jul 17 12:52:36 2019 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2019-12795 | Medium | No | Authentication bypass | daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without... |
CVE-2019-12449 | Medium | No | Privilege escalation | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy... |
CVE-2019-12448 | Medium | No | Privilege escalation | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement... |
CVE-2019-12447 | Medium | No | Privilege escalation | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. |