Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 692784 (CVE-2019-11461)

Summary: <gnome-base/nautilus-3.30.5-r1: thumbnailer security bypass (CVE-2019-11461)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: gnome
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=692782
Whiteboard: B2 [glsa+ cve]
Package list:
gnome-base/nautilus-3.30.5-r1
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-08-23 20:19:10 UTC
CVE-2019-11461 (https://nvd.nist.gov/vuln/detail/CVE-2019-11461):
  An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32
  prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox
  used to confine thumbnailers by using the TIOCSTI ioctl to push characters
  into the input buffer of the thumbnailer's controlling terminal, allowing an
  attacker to escape the sandbox if the thumbnailer has a controlling
  terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit
  systems, similar to CVE-2019-10063.
Comment 1 Larry the Git Cow gentoo-dev 2019-08-23 20:59:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85cb57ebc68ef86e7286050d8edc186c3f632cf2

commit 85cb57ebc68ef86e7286050d8edc186c3f632cf2
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-08-23 20:57:09 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-08-23 20:57:09 +0000

    gnome-base/nautilus: fix CVE-2019-11461
    
    Bug: https://bugs.gentoo.org/692784
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 .../nautilus/files/3.30.5-CVE-2019-11461.patch     |  30 ++++++
 gnome-base/nautilus/nautilus-3.30.5-r1.ebuild      | 106 +++++++++++++++++++++
 2 files changed, 136 insertions(+)
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2019-08-24 22:01:43 UTC
arm64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-08-26 14:56:42 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-08-26 15:01:14 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 5 Larry the Git Cow gentoo-dev 2019-08-31 14:06:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91a58bac644b1715b23214bd4977d1bdec7bcea2

commit 91a58bac644b1715b23214bd4977d1bdec7bcea2
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-08-31 14:05:47 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-08-31 14:05:54 +0000

    gnome-base/nautilus: security cleanup
    
    Bug: https://bugs.gentoo.org/692784
    Package-Manager: Portage-2.3.69, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 gnome-base/nautilus/Manifest                      |   2 -
 gnome-base/nautilus/files/3.28.1-docs-build.patch |  42 ---------
 gnome-base/nautilus/nautilus-3.28.1.ebuild        | 104 ---------------------
 gnome-base/nautilus/nautilus-3.30.5.ebuild        | 105 ----------------------
 4 files changed, 253 deletions(-)
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2019-08-31 14:44:11 UTC
*** Bug 685850 has been marked as a duplicate of this bug. ***
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2019-08-31 15:09:12 UTC
This issue was resolved and addressed in
 GLSA 201908-27 at https://security.gentoo.org/glsa/201908-27
by GLSA coordinator Thomas Deutschmann (whissi).