USN-4053-1

Source
https://ubuntu.com/security/notices/USN-4053-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4053-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4053-1
Related
Published
2019-07-09T11:29:22.867930Z
Modified
2019-07-09T11:29:22.867930Z
Summary
gvfs vulnerabilities
Details

It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-12447, CVE-2019-12448, CVE-2019-12449)

It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. (CVE-2019-12795)

References

Affected packages

Ubuntu:16.04:LTS / gvfs

Package

Name
gvfs
Purl
pkg:deb/ubuntu/gvfs?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.28.2-1ubuntu1~16.04.3

Affected versions

1.*

1.24.2-0ubuntu4
1.24.2-0ubuntu5
1.24.2-0ubuntu6
1.26.2-1ubuntu1
1.27.3-1ubuntu1
1.27.4-1ubuntu1
1.27.90-1ubuntu1
1.27.92-1ubuntu1
1.28.1-1ubuntu1
1.28.2-1ubuntu1~16.04.1
1.28.2-1ubuntu1~16.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs"
        },
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs-backends"
        },
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs-backends-dbgsym"
        },
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs-bin"
        },
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs-bin-dbgsym"
        },
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs-common"
        },
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs-daemons"
        },
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs-daemons-dbgsym"
        },
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs-dbgsym"
        },
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs-fuse"
        },
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs-fuse-dbgsym"
        },
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs-libs"
        },
        {
            "binary_version": "1.28.2-1ubuntu1~16.04.3",
            "binary_name": "gvfs-libs-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / gvfs

Package

Name
gvfs
Purl
pkg:deb/ubuntu/gvfs?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.36.1-0ubuntu1.3.3

Affected versions

1.*

1.34.1-1ubuntu1
1.34.1-1ubuntu3
1.34.1-1ubuntu4
1.34.1-2ubuntu2
1.35.91-1ubuntu1
1.35.91-1ubuntu2
1.36.0-1ubuntu1
1.36.1-0ubuntu1
1.36.1-0ubuntu1.1
1.36.1-0ubuntu1.2
1.36.1-0ubuntu1.3
1.36.1-0ubuntu1.3.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.36.1-0ubuntu1.3.3",
            "binary_name": "gvfs"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3.3",
            "binary_name": "gvfs-backends"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3.3",
            "binary_name": "gvfs-backends-dbgsym"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3.3",
            "binary_name": "gvfs-bin"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3.3",
            "binary_name": "gvfs-common"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3.3",
            "binary_name": "gvfs-daemons"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3.3",
            "binary_name": "gvfs-daemons-dbgsym"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3.3",
            "binary_name": "gvfs-dbgsym"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3.3",
            "binary_name": "gvfs-fuse"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3.3",
            "binary_name": "gvfs-fuse-dbgsym"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3.3",
            "binary_name": "gvfs-libs"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3.3",
            "binary_name": "gvfs-libs-dbgsym"
        }
    ]
}