- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-4053-1
July 09, 2019
gvfs vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in GVfs.
Software Description:
– gvfs: Userspace virtual filesystem
Details:
It was discovered that GVfs incorrectly handled the admin backend. Files
created or moved by the admin backend could end up with the wrong ownership
information, contrary to expectations. This issue only affected Ubuntu
18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-12447, CVE-2019-12448,
CVE-2019-12449)
It was discovered that GVfs incorrectly handled authentication on its
private D-Bus socket. A local attacker could possibly connect to this
socket and issue D-Bus calls. (CVE-2019-12795)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
gvfs 1.40.1-1ubuntu0.1
gvfs-backends 1.40.1-1ubuntu0.1
Ubuntu 18.10:
gvfs 1.38.1-0ubuntu1.3.2
gvfs-backends 1.38.1-0ubuntu1.3.2
Ubuntu 18.04 LTS:
gvfs 1.36.1-0ubuntu1.3.3
gvfs-backends 1.36.1-0ubuntu1.3.3
Ubuntu 16.04 LTS:
gvfs 1.28.2-1ubuntu1~16.04.3
gvfs-backends 1.28.2-1ubuntu1~16.04.3
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4053-1
CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-12795
Package Information:
https://launchpad.net/ubuntu/+source/gvfs/1.40.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/gvfs/1.38.1-0ubuntu1.3.2
https://launchpad.net/ubuntu/+source/gvfs/1.36.1-0ubuntu1.3.3
https://launchpad.net/ubuntu/+source/gvfs/1.28.2-1ubuntu1~16.04.3
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl0kiLMACgkQZWnYVadE
vpMzZQ/7B29rhXyvMV/0XMfHiRieTyLVX+o/v8yDbRoDtuZPsIf9S1+ycunXKpKy
JcalPqxb1DHTCJPL6cja2PG/eJBINhk64WqnG0ugtmyylfCXY/h3ZtkF8MHhf0sq
oF5doRv1FZCKqipD5bdjajewTg4ZDtznN8KMPEc2uEd5F7xj4vrfdoxjEvNlPaTq
1ZxJ3JdyC6aku5jA4p3gJ1fa+gc7Pwf+nDEcrrjiuIMEh4J1t3g0BPhi1saS5YRL
Fy7hWycl5x8H1OLDsP3fWvf9mj9h23Vz0NWM9aezv02Q7i68yud5f/WSpawEIAlc
u23LooY5x04uCQCnVYxJG2PLH4Ma/3cpzO4h/vWDrueJto5vOEILCQpWNWN0N6If
YIrJpssxxKxClIwiJ5CwxaAPSpogy55PVF5OmQawjUejDJqJCiVk+yv6kZpfXzow
n4lWbWIuky6cK+YSt11sbCtSvhXQmk64nIjxh1jk8nAa7GXiNRYN8S+8uKl49N6L
MJetw7AvUHlvSACjqGDDiilZZ6oZcdUqR4jJSu1fmYNkQlBMBURRVFvmGfee6UVE
V9Z9h9GXVye8EACYdC+H03oN9SK3ZlVmr1Z8tMLxdlpiVWMHMUKf8bUs8H+FPqiS
S0igFcAgjQx1iGt1oL38PdEne94C6DnLdYkwd0fO8L3OuuAsBBI=
=HjVd
—–END PGP SIGNATURE—–
—
| Autor | Toni Vugdelija |
| Cert id | NCERT-REF-2019-07-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
