
Bug 692782 (CVE-2019-11460)

Summary: <gnome-base/gnome-desktop-3.30.2.3: thumbnailer security bypass (CVE-2019-11460)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: gnome
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=692784
Whiteboard: B2 [glsa+ cve]
Package list:
gnome-base/gnome-desktop-3.30.2.3
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-08-23 20:18:22 UTC
CVE-2019-11460 (https://nvd.nist.gov/vuln/detail/CVE-2019-11460):
  An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to
  3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape
  the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI
  ioctl to push characters into the input buffer of the thumbnailer's
  controlling terminal, allowing an attacker to escape the sandbox if the
  thumbnailer has a controlling terminal. This is due to improper filtering of
  the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
Comment 1 Larry the Git Cow gentoo-dev 2019-08-23 20:27:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63811b35aecbf5f51d4d906e90ebf7b6bd731d26

commit 63811b35aecbf5f51d4d906e90ebf7b6bd731d26
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-08-23 20:22:47 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-08-23 20:23:24 +0000

    gnome-base/gnome-desktop: security bump to 3.30.2.3
    
    Includes an additional patch from origin/gnome-3-30 for fixing
    built-in display detection with NVIDIA
    
    Bug: https://bugs.gentoo.org/692782
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 gnome-base/gnome-desktop/Manifest                  |  2 +
 .../gnome-desktop/gnome-desktop-3.30.2.3.ebuild    | 68 ++++++++++++++++++++++
 2 files changed, 70 insertions(+)
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-08-24 23:45:17 UTC
arm64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-08-26 12:56:43 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-08-26 15:01:07 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 5 Larry the Git Cow gentoo-dev 2019-08-31 14:06:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efe3644d309a92a7a8f11c3e002e5a3a51ecd230

commit efe3644d309a92a7a8f11c3e002e5a3a51ecd230
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-08-31 14:04:13 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-08-31 14:05:54 +0000

    gnome-base/gnome-desktop: security cleanup
    
    Bug: https://bugs.gentoo.org/692782
    Package-Manager: Portage-2.3.69, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 gnome-base/gnome-desktop/Manifest                  |  2 -
 .../gnome-desktop/gnome-desktop-3.30.2.1.ebuild    | 68 ----------------------
 2 files changed, 70 deletions(-)
Comment 6 Thomas Deutschmann gentoo-dev Security 2019-08-31 14:57:57 UTC
New GLSA request filed.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2019-08-31 21:16:49 UTC
This issue was resolved and addressed in
 GLSA 201908-28 at https://security.gentoo.org/glsa/201908-28
by GLSA coordinator Thomas Deutschmann (whissi).