Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 690498 (CVE-2019-12450) - <dev-libs/glib-2.58.3-r1: file_copy_fallback does not properly restrict file permissions while a copy operation is in progress (CVE-2019-12450)
Summary: <dev-libs/glib-2.58.3-r1: file_copy_fallback does not properly restrict file ...
Status: RESOLVED FIXED
Alias: CVE-2019-12450
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://gitlab.gnome.org/GNOME/glib/c...
Whiteboard: B4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-07-23 12:20 UTC by Thomas Deutschmann (RETIRED)
Modified: 2019-08-21 12:55 UTC (History)
1 user (show)

See Also:
Package list:
dev-libs/glib-2.58.3-r1
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2019-07-23 12:20:19 UTC 
From https://bugzilla.redhat.com/show_bug.cgi?id=1719141#c11:

There's a flaw when copying a file using g_file_copy() glib's API function where gio library firstly create the destination file with default permissions before the copy ends. The bug is located at file_copy_fallback() which when called under certain circumstances creates new files using default permissions instead the same of origin file, the right permissions are set once the data copy ends. While the data copy is ongoing the file may be improper accessible by users which doesn't have permissions to read or write to it, compromising data confidentiality and integrity.
Comment 1 Larry the Git Cow gentoo-dev 2019-07-23 13:03:57 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f584ca053067b4aa6fb09cfe655ab260035366d2

commit f584ca053067b4aa6fb09cfe655ab260035366d2
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-07-23 13:00:09 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-07-23 13:00:23 +0000

    dev-libs/glib: fix CVE-2019-12450
    
    plus an unrelated small patch from upstream 2-58 branch.
    
    Bug: https://bugs.gentoo.org/690498
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 dev-libs/glib/files/2.58.3-CVE-2019-12450.patch    |  53 ++++
 .../glib/files/2.58.3-gdbusmessage-limit-fix.patch | 120 ++++++++
 dev-libs/glib/glib-2.58.3-r1.ebuild                | 315 +++++++++++++++++++++
 3 files changed, 488 insertions(+)
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2019-07-23 19:13:15 UTC 
arm64 stable
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2019-07-24 20:50:33 UTC 
x86 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2019-07-24 21:57:09 UTC 
ia64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-07-25 13:06:45 UTC 
amd64 stable
Comment 6 Rolf Eike Beer archtester 2019-07-25 19:53:28 UTC 
hppa/sparc stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-07-26 08:48:42 UTC 
s390 stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-07-26 09:17:07 UTC 
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2019-07-26 09:52:38 UTC 
ppc stable
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-07-28 20:17:14 UTC 
arm stable
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-07-28 20:17:35 UTC 
alpha stable
Comment 12 Larry the Git Cow gentoo-dev 2019-07-28 20:22:50 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50dab61f330019e9173d8f24c424de5e12451831

commit 50dab61f330019e9173d8f24c424de5e12451831
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-07-28 20:21:39 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-07-28 20:22:37 +0000

    dev-libs/glib: security cleanup
    
    Bug: https://bugs.gentoo.org/690498
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 dev-libs/glib/glib-2.58.3.ebuild | 310 ---------------------------------------
 1 file changed, 310 deletions(-)
Comment 13 Larry the Git Cow gentoo-dev 2019-08-21 12:55:28 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/musl.git/commit/?id=1cff7d041fe6e0054c7d0cd5dadede5fd62271f8

commit 1cff7d041fe6e0054c7d0cd5dadede5fd62271f8
Author:     stefson <herrtimson@yahoo.de>
AuthorDate: 2019-07-25 15:26:42 +0000
Commit:     Anthony G. Basile <blueness@gentoo.org>
CommitDate: 2019-08-21 12:55:11 +0000

    dev-libs/glib: add 2.58.3-r1 from tree
    
    Bug: https://bugs.gentoo.org/690498
    Signed-off-by: Steffen Kuhn <nielson2@yandex.com>
    Signed-off-by: Anthony G. Basile <blueness@gentoo.org>

 dev-libs/glib/files/2.58.3-CVE-2019-12450.patch    |  53 ++++
 .../glib/files/2.58.3-gdbusmessage-limit-fix.patch | 120 ++++++++
 dev-libs/glib/glib-2.58.3-r1.ebuild                | 320 +++++++++++++++++++++
 3 files changed, 493 insertions(+)