UbuntuUpdates.org

Package "gvfs"

Name: gvfs

Description:

userspace virtual filesystem - GIO module

Latest version: 1.38.1-0ubuntu1.3.2
Release: cosmic (18.10)
Level: updates
Repository: main
Homepage: https://wiki.gnome.org/Projects/gvfs

Links

Save this URL for the latest version of "gvfs": https://www.ubuntuupdates.org/gvfs


Download "gvfs"


Other versions of "gvfs" in Cosmic

Repository Area Version
base main 1.38.0-2ubuntu2
security main 1.38.1-0ubuntu1.3.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.38.1-0ubuntu1.3.2 2019-07-09 13:07:31 UTC

  gvfs (1.38.1-0ubuntu1.3.2) cosmic-security; urgency=medium

  * SECURITY UPDATE: file ownership mishandling
    - debian/patches/CVE-2019-12447-1.patch: allow changing file owner in
      daemon/gvfsbackendadmin.c.
    - debian/patches/CVE-2019-12447-2.patch: use fsuid to ensure correct
      file ownership in daemon/gvfsbackendadmin.c.
    - CVE-2019-12447
  * SECURITY UPDATE: race conditions in admin backend
    - debian/patches/CVE-2019-12448.patch: add query_info_on_read/write
      functionality in daemon/gvfsbackendadmin.c.
    - CVE-2019-12448
  * SECURITY UPDATE: user and group ownership mishandling during move
    - debian/patches/CVE-2019-12449.patch: ensure correct ownership when
      moving to file:// uri in daemon/gvfsbackendadmin.c.
    - CVE-2019-12449
  * SECURITY UPDATE: incorrect D-Bus server socket restrictions
    - debian/patches/CVE-2019-12795-1.patch: check that the connecting
      client is the same user in daemon/gvfsdaemon.c.
    - debian/patches/CVE-2019-12795-2.patch: only accept EXTERNAL
      authentication in daemon/gvfsdaemon.c.
    - CVE-2019-12795

 -- Marc Deslauriers <email address hidden> Fri, 05 Jul 2019 08:49:36 -0400

Source diff to previous version
CVE-2019-12447 An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
CVE-2019-12448 An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implemen
CVE-2019-12449 An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and
CVE-2019-12795 daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket witho

Version: 1.38.1-0ubuntu1.3.1 2019-06-24 12:06:57 UTC

  gvfs (1.38.1-0ubuntu1.3.1) cosmic; urgency=medium

  * No change rebuild to pick up the current samba version.
    The patch git_smb_nt1.patch added to fix smb browsing requires a new
    libsmb api to work and that's checked for at build time (lp: #1778322)

 -- Sebastien Bacher <email address hidden> Wed, 08 May 2019 11:17:32 +0200

Source diff to previous version
1778322 gvfs-smb-browse can't browse samba/smb tree

Version: 1.38.1-0ubuntu1.2 2019-02-12 19:07:35 UTC

  gvfs (1.38.1-0ubuntu1.2) cosmic-security; urgency=medium

  * SECURITY UPDATE: Incorrect authorization
    - debian/patches/CVE-2019-3827.patch: fix in
      daemon/gvfsbackendadmin.c.
    - CVE-2019-3827

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Feb 2019 09:46:17 -0300

Source diff to previous version
CVE-2019-3827 Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password

Version: 1.38.1-0ubuntu1.1 2019-01-15 17:06:39 UTC

  gvfs (1.38.1-0ubuntu1.1) cosmic; urgency=medium

  * debian/patches/series:
    - include git_invalid_autorun.patch which was mentioned in
      the previous upload but not added to the serie




About   -   Send Feedback to @ubuntu_updates