gvfs

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Virtual filesystem implementation for GIO
Version 1.42.2-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1007 1.40.1-1 1.40.2-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2019-12795 AVG-1007 Medium No Authentication bypass
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without...
CVE-2019-12449 AVG-1007 Medium No Privilege escalation
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy...
CVE-2019-12448 AVG-1007 Medium No Privilege escalation
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement...
CVE-2019-12447 AVG-1007 Medium No Privilege escalation
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.