vulnerability

Alma Linux: CVE-2019-13012: Moderate: GNOME security, bug fix, and enhancement update (ALSA-2021-1586)

Try Surface Command
Back to search
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Jun 28, 2019
Added
May 4, 2022
Modified
Aug 11, 2025

Description

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.

Solutions

alma-upgrade-accountsservice-develalma-upgrade-atkmmalma-upgrade-atkmm-develalma-upgrade-atkmm-docalma-upgrade-cairommalma-upgrade-cairomm-develalma-upgrade-cairomm-docalma-upgrade-chrome-gnome-shellalma-upgrade-dleyna-corealma-upgrade-dleyna-serveralma-upgrade-enchant2alma-upgrade-enchant2-develalma-upgrade-gaminalma-upgrade-gamin-develalma-upgrade-geoclue2alma-upgrade-geoclue2-demosalma-upgrade-geoclue2-develalma-upgrade-geoclue2-libsalma-upgrade-geocode-glibalma-upgrade-geocode-glib-develalma-upgrade-gjsalma-upgrade-gjs-develalma-upgrade-glib2-docalma-upgrade-glib2-staticalma-upgrade-glibmm24alma-upgrade-glibmm24-develalma-upgrade-glibmm24-docalma-upgrade-gnome-boxesalma-upgrade-gnome-photosalma-upgrade-gnome-photos-testsalma-upgrade-gnome-terminalalma-upgrade-gnome-terminal-nautilusalma-upgrade-gtk-docalma-upgrade-gtk2alma-upgrade-gtk2-develalma-upgrade-gtk2-devel-docsalma-upgrade-gtk2-immodule-ximalma-upgrade-gtk2-immodulesalma-upgrade-gtkmm24alma-upgrade-gtkmm24-develalma-upgrade-gtkmm24-docsalma-upgrade-gtkmm30alma-upgrade-gtkmm30-develalma-upgrade-gtkmm30-docalma-upgrade-gvfsalma-upgrade-gvfs-afcalma-upgrade-gvfs-afpalma-upgrade-gvfs-archivealma-upgrade-gvfs-clientalma-upgrade-gvfs-develalma-upgrade-gvfs-fusealma-upgrade-gvfs-goaalma-upgrade-gvfs-gphoto2alma-upgrade-gvfs-mtpalma-upgrade-gvfs-smbalma-upgrade-libdazzlealma-upgrade-libdazzle-develalma-upgrade-libepubgenalma-upgrade-libepubgen-develalma-upgrade-libsassalma-upgrade-libsass-develalma-upgrade-libsigc++20alma-upgrade-libsigc++20-develalma-upgrade-libsigc++20-docalma-upgrade-libvisualalma-upgrade-libvisual-develalma-upgrade-mutter-develalma-upgrade-nautilusalma-upgrade-nautilus-develalma-upgrade-nautilus-extensionsalma-upgrade-openexr-develalma-upgrade-openexr-libsalma-upgrade-pangommalma-upgrade-pangomm-develalma-upgrade-pangomm-docalma-upgrade-soundtouchalma-upgrade-soundtouch-develalma-upgrade-valaalma-upgrade-vala-develalma-upgrade-woff2alma-upgrade-woff2-devel

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today