Note:
This project will be discontinued after December 13, 2021. [more]
2019-05-29
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
| Products | Ubuntu_linux, Fedora, Gvfs, Leap |
| Type | Improper Handling of Exceptional Conditions (CWE-755) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://usn.ubuntu.com/4053-1/
• http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/ • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html • http://www.openwall.com/lists/oss-security/2019/07/09/3 |