CVE-2019-12449 - log back

CVE-2019-12449 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Privilege escalation
Description
+ An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
References
+ https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90
+ https://www.openwall.com/lists/oss-security/2019/07/09/3
Notes