Operating System:

[Ubuntu]

Published:

10 July 2019

Protect yourself against future threats.

//Service

Malicious URL Feed

Add this Australian-based feed to your firewall blacklist and SIEM to prevent compromises to your network.

Read more
Resources > Security Bulletins > ESB-2019.2520 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2520
                     USN-4053-1: GVfs vulnerabilities
                               10 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           GVfs
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Increased Privileges           -- Existing Account
                   Provide Misleading Information -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12795 CVE-2019-12449 CVE-2019-12448
                   CVE-2019-12447  

Reference:         ESB-2019.2393
                   ESB-2019.2192

Original Bulletin: 
   https://usn.ubuntu.com/4053-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4053-1: GVfs vulnerabilities
9 July 2019

gvfs vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:

  o Ubuntu 19.04
  o Ubuntu 18.10
  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 LTS

Summary

Several security issues were fixed in GVfs.

Software Description

  o gvfs - Userspace virtual filesystem

Details

It was discovered that GVfs incorrectly handled the admin backend. Files
created or moved by the admin backend could end up with the wrong ownership
information, contrary to expectations. This issue only affected Ubuntu 18.04
LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-12447, CVE-2019-12448,
CVE-2019-12449)

It was discovered that GVfs incorrectly handled authentication on its private
D-Bus socket. A local attacker could possibly connect to this socket and issue
D-Bus calls. (CVE-2019-12795)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 19.04
    gvfs - 1.40.1-1ubuntu0.1
    gvfs-backends - 1.40.1-1ubuntu0.1
Ubuntu 18.10
    gvfs - 1.38.1-0ubuntu1.3.2
    gvfs-backends - 1.38.1-0ubuntu1.3.2
Ubuntu 18.04 LTS
    gvfs - 1.36.1-0ubuntu1.3.3
    gvfs-backends - 1.36.1-0ubuntu1.3.3
Ubuntu 16.04 LTS
    gvfs - 1.28.2-1ubuntu1~16.04.3
    gvfs-backends - 1.28.2-1ubuntu1~16.04.3

To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .

In general, a standard system update will make all the necessary changes.

References

  o CVE-2019-12447
  o CVE-2019-12448
  o CVE-2019-12449
  o CVE-2019-12795

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXSVV7WaOgq3Tt24GAQj/ExAAwGR/miudelCStGECxtWbPXfprKaMXh+U
QJM9+1IrKFAy9Xg2t/hiiZJknOqvyCMJ9dZisTVtIVEeOgVrLd8l+S1EM/ZEW6Ze
+bNK5SsflaqN02hboG4FsBIGDf5k0X+Xepe6JhV6tdoVatBaLR7GxS7ruJhq3pye
weZGTBrWYA3jNoK15p/sRPFenmOvEFlEKPJ88KNVswhvfmcbomkJcbOwhQCzgZGn
V8/0AGw0oRCACvrEDFJbYneFsyfzfd2fX96bUZqq9BjZM13PwkjOYfCQws1VYJz6
ejnxRX7gK82Ss7rXssTALaveJkW156sMNgSPqI4cmwhnLUFudmXB1AyOiM7h0i6+
cOeXJ0cnR5W418y6Ogv6TTXpTcxmKTwuCgbSm1gHQqfShYYN7iICGbOrJXHD3ui7
15gfO28noj3ke9XTaU6azkdG3JhMBxn82st3KnjtOQKGlNxA5N4awLHDTZJzw9aj
6V05M3d6gMhAh6uyoSCWGuFiF1dzaqCsk7D+UA072KT1zxZBpHJzY06Zj7ehsIHB
ByPUv2RTepO1NTXsDfTVfkml9C55/3WAu28K/xphUAMY+GXSBPPdxzkfSMP9mS9E
uIjj2RDvTrNpyk+6M0XUCcccVUiv/IZhuyiI5b6L3yt3xuBG3j8XWZbwomQjrdVA
fiaqJsvo69g=
=JwtQ
-----END PGP SIGNATURE-----