From https://bugzilla.redhat.com/show_bug.cgi?id=1719141#c11: There's a flaw when copying a file using glib's g_file_copy() API function, where the gio library first creates the destination file with default permissions before the copy ends. The bug is located in file_copy_fallback(), which, when called under certain circumstances, creates new files using default permissions instead of the same ones as the origin file; the right permissions are set once the data copy ends. While the data copy is ongoing, the file may be improperly accessible by users who don't have permissions to read or write to it, compromising data confidentiality and integrity.
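The ordering problem described above, shown as an added example in C that is not glib's own code: the destination is created private (0600, O_EXCL) and the source's mode is applied only after every byte has been written, so there is no window in which other users can read or write a half-copied file. The temp-directory self-check, the file names and the 0640 source mode are constructed for the demo.

```c
#define _XOPEN_SOURCE 700 /* for mkdtemp, fchmod, fstat under strict -std */
/* Added example, not glib's own code: copy_file() creates the destination 0600
 * with O_EXCL so no other user can open it while data is in flight, and widens
 * the mode to the source's only after the last byte is written. The flaw above
 * is the reverse order: default mode at creation, copy, then fix permissions. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Returns 0 on success, -1 on failure; a partial destination is unlinked. */
int copy_file(const char *src, const char *dst)
{
    struct stat st; char buf[4096]; ssize_t n;
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    if (fstat(in, &st) < 0) { close(in); return -1; }
    /* Private until complete; O_EXCL refuses to reuse a pre-existing file. */
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (out < 0) { close(in); return -1; }
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) { n = -1; break; }
    /* n == 0 means EOF was reached cleanly; only then grant the source's mode. */
    if (n == 0 && fchmod(out, st.st_mode & 07777) < 0) n = -1;
    close(in);
    if (close(out) < 0 || n < 0) { unlink(dst); return -1; }
    return 0;
}
/* Constructed self-check: copies a 0640 source file in a fresh temp directory
 * and returns 0 only if the copy ends up with the source's mode and content. */
int run_demo(void)
{
    char dir[] = "/tmp/cpdemoXXXXXX", src[64], dst[64], got[16] = {0};
    struct stat st;
    if (!mkdtemp(dir)) return 1;
    snprintf(src, sizeof src, "%s/src", dir);
    snprintf(dst, sizeof dst, "%s/dst", dir);
    int fd = open(src, O_WRONLY | O_CREAT | O_EXCL, 0640);
    if (fd < 0 || write(fd, "secret\n", 7) != 7 || fchmod(fd, 0640) < 0) return 2;
    close(fd); fd = -1;
    int rc = copy_file(src, dst) != 0 ? 3 : 0;
    if (rc == 0 && (stat(dst, &st) < 0 || (st.st_mode & 07777) != 0640)) rc = 4;
    if (rc == 0 && ((fd = open(dst, O_RDONLY)) < 0 || read(fd, got, 7) != 7)) rc = 5;
    if (rc == 0 && strcmp(got, "secret\n") != 0) rc = 6;
    if (fd >= 0) close(fd);
    unlink(dst); unlink(src); rmdir(dir);
    return rc;
}
```

run_demo() returns 0 when the copy carries the source's exact mode and content, and a non-zero step number otherwise.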
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f584ca053067b4aa6fb09cfe655ab260035366d2

commit f584ca053067b4aa6fb09cfe655ab260035366d2
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-07-23 13:00:09 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-07-23 13:00:23 +0000

    dev-libs/glib: fix CVE-2019-12450 plus an unrelated small patch from upstream 2-58 branch.

    Bug: https://bugs.gentoo.org/690498
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 dev-libs/glib/files/2.58.3-CVE-2019-12450.patch    |  53 ++++
 .../glib/files/2.58.3-gdbusmessage-limit-fix.patch | 120 ++++++++
 dev-libs/glib/glib-2.58.3-r1.ebuild                | 315 +++++++++++++++++++++
 3 files changed, 488 insertions(+)
arm64 stable
x86 stable
ia64 stable
amd64 stable
hppa/sparc stable
s390 stable
ppc64 stable
ppc stable
arm stable
alpha stable
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50dab61f330019e9173d8f24c424de5e12451831

commit 50dab61f330019e9173d8f24c424de5e12451831
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-07-28 20:21:39 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-07-28 20:22:37 +0000

    dev-libs/glib: security cleanup

    Bug: https://bugs.gentoo.org/690498
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 dev-libs/glib/glib-2.58.3.ebuild | 310 ---------------------------------------
 1 file changed, 310 deletions(-)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/proj/musl.git/commit/?id=1cff7d041fe6e0054c7d0cd5dadede5fd62271f8

commit 1cff7d041fe6e0054c7d0cd5dadede5fd62271f8
Author: stefson <herrtimson@yahoo.de>
AuthorDate: 2019-07-25 15:26:42 +0000
Commit: Anthony G. Basile <blueness@gentoo.org>
CommitDate: 2019-08-21 12:55:11 +0000

    dev-libs/glib: add 2.58.3-r1 from tree

    Bug: https://bugs.gentoo.org/690498
    Signed-off-by: Steffen Kuhn <nielson2@yandex.com>
    Signed-off-by: Anthony G. Basile <blueness@gentoo.org>

 dev-libs/glib/files/2.58.3-CVE-2019-12450.patch    |  53 ++++
 .../glib/files/2.58.3-gdbusmessage-limit-fix.patch | 120 ++++++++
 dev-libs/glib/glib-2.58.3-r1.ebuild                | 320 +++++++++++++++++++++
 3 files changed, 493 insertions(+)