From ${URL}: News ==== * daemon: Only accept EXTERNAL authentication (CVE-2019-12795) * daemon: Check that the connecting client is the same user (CVE-2019-12795) * admin: Ensure correct ownership when moving to file:// uri (CVE-2019-12449) * admin: Use fsuid to ensure correct file ownership (CVE-2019-12447) * admin: Allow changing file owner (CVE-2019-12447) * admin: Add query_info_on_read/write functionality (CVE-2019-12448) * Translation updates
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=885e8c1e16f17802d657b7c0079aaa4bc18d01e3 commit 885e8c1e16f17802d657b7c0079aaa4bc18d01e3 Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2019-07-23 18:20:20 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2019-07-23 18:20:39 +0000 gnome-base/gvfs: security bump to 1.38.3 Bug: https://bugs.gentoo.org/690144 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Mart Raudsepp <leio@gentoo.org> gnome-base/gvfs/Manifest | 1 + .../gvfs/files/1.38.3-gvfsdaemon-rpath.patch | 35 ++++++ gnome-base/gvfs/gvfs-1.38.3.ebuild | 136 +++++++++++++++++++++ 3 files changed, 172 insertions(+)
arm64 stable
x86 stable
amd64 stable
ppc64 stable
ppc stable
sparc stable
alpha stable
arm stable
re-adding arm, since I'm currently unable to push stuff (due to my outdated key) - sorry about that...
ia64, please wake up
commit 354b35983ebf3517f5c7201f600f6181eb9c74ee Author: Mart Raudsepp <leio@gentoo.org> Date: Sat Jan 11 21:48:54 2020 +0200 gnome-base/gvfs: ia64 stable (bug #685254)
Tree is clean.
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
CVE ID: CVE-2019-12447 Summary: An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. Published: 2019-05-29T17:29:00.000Z -------------------------------------------------------------------------------- State: ASSIGNED Bugs: https://bugs.gentoo.org/690144 CVE-2019-12448 CVE ID: CVE-2019-12448 Summary: An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. Published: Not yet published -------------------------------------------------------------------------------- State: ASSIGNED Bugs: https://bugs.gentoo.org/690144 CVE-2019-12449 CVE ID: CVE-2019-12449 Summary: An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. Published: 2019-05-29T17:29:00.000Z -------------------------------------------------------------------------------- State: ASSIGNED Bugs: https://bugs.gentoo.org/690144 CVE-2019-12795 CVE ID: CVE-2019-12795 Summary: daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.) Published: Not yet published -------------------------------------------------------------------------------- State: ASSIGNED Bugs: https://bugs.gentoo.org/690144 __________________________ GLSA Vote: No Thank you all for you work. Closing as [noglsa].
