userspace virtual filesystem - GIO module
Save this URL for the latest version of "gvfs":
Other versions of "gvfs" in Bionic
Packages in group
Deleted packages are displayed in grey.
gvfs (1.36.1-0ubuntu1.3.3) bionic-security; urgency=medium
* SECURITY UPDATE: file ownership mishandling
- debian/patches/CVE-2019-12447-1.patch: allow changing file owner in
- debian/patches/CVE-2019-12447-2.patch: use fsuid to ensure correct
file ownership in daemon/gvfsbackendadmin.c.
* SECURITY UPDATE: race conditions in admin backend
- debian/patches/CVE-2019-12448.patch: add query_info_on_read/write
functionality in daemon/gvfsbackendadmin.c.
* SECURITY UPDATE: user and group ownership mishandling during move
- debian/patches/CVE-2019-12449.patch: ensure correct ownership when
moving to file:// uri in daemon/gvfsbackendadmin.c.
* SECURITY UPDATE: incorrect D-Bus server socket restrictions
- debian/patches/CVE-2019-12795-1.patch: check that the connecting
client is the same user in daemon/gvfsdaemon.c.
- debian/patches/CVE-2019-12795-2.patch: only accept EXTERNAL
authentication in daemon/gvfsdaemon.c.
-- Marc Deslauriers <email address hidden> Fri, 05 Jul 2019 09:04:54 -0400
|Source diff to previous version|
||An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
||An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implemen
||An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and
||daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket witho
gvfs (1.36.1-0ubuntu1.3) bionic-security; urgency=medium
* SECURITY UPDATE: Incorrect authorization
- debian/patches/CVE-2019-3827.patch: fix in
-- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Feb 2019 09:40:15 -0300
||Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
Send Feedback to @ubuntu_updates