gvfs
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Virtual filesystem implementation for GIO |
| Version | 1.54.0-2 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1007 | 1.40.1-1 | 1.40.2-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-12795 | AVG-1007 | Medium | No | Authentication bypass | daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without... |
| CVE-2019-12449 | AVG-1007 | Medium | No | Privilege escalation | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy... |
| CVE-2019-12448 | AVG-1007 | Medium | No | Privilege escalation | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement... |
| CVE-2019-12447 | AVG-1007 | Medium | No | Privilege escalation | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. |