vulnerability
Oracle Linux: CVE-2019-12447: ELSA-2020-1766: GNOME security, bug fix, and enhancement update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:M/Au:S/C:P/I:P/A:N) | May 29, 2019 | Jul 22, 2024 | Dec 3, 2025 |
Severity
5
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published
May 29, 2019
Added
Jul 22, 2024
Modified
Dec 3, 2025
Description
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
It was discovered that gvfs incorrectly set the ownership of files handled by the admin:// backend. An attacker could abuse this flaw when the destination file of a copy/move operation is handled by the admin:// backend. The attacker would have access to the target files with the ability to read and write them.
It was discovered that gvfs incorrectly set the ownership of files handled by the admin:// backend. An attacker could abuse this flaw when the destination file of a copy/move operation is handled by the admin:// backend. The attacker would have access to the target files with the ability to read and write them.
Solutions
oracle-linux-upgrade-accountsserviceoracle-linux-upgrade-accountsservice-develoracle-linux-upgrade-accountsservice-libsoracle-linux-upgrade-appstream-dataoracle-linux-upgrade-clutteroracle-linux-upgrade-clutter-develoracle-linux-upgrade-clutter-docoracle-linux-upgrade-evinceoracle-linux-upgrade-evince-browser-pluginoracle-linux-upgrade-evince-libsoracle-linux-upgrade-evince-nautilusoracle-linux-upgrade-gdmoracle-linux-upgrade-gjsoracle-linux-upgrade-gjs-develoracle-linux-upgrade-gnome-boxesoracle-linux-upgrade-gnome-control-centeroracle-linux-upgrade-gnome-control-center-filesystemoracle-linux-upgrade-gnome-menusoracle-linux-upgrade-gnome-menus-develoracle-linux-upgrade-gnome-online-accountsoracle-linux-upgrade-gnome-online-accounts-develoracle-linux-upgrade-gnome-remote-desktoporacle-linux-upgrade-gnome-sessionoracle-linux-upgrade-gnome-session-wayland-sessionoracle-linux-upgrade-gnome-session-xsessionoracle-linux-upgrade-gnome-settings-daemonoracle-linux-upgrade-gnome-shelloracle-linux-upgrade-gnome-softwareoracle-linux-upgrade-gnome-software-editororacle-linux-upgrade-gnome-terminaloracle-linux-upgrade-gnome-terminal-nautilusoracle-linux-upgrade-gnome-tweaksoracle-linux-upgrade-gsettings-desktop-schemasoracle-linux-upgrade-gsettings-desktop-schemas-develoracle-linux-upgrade-gtk3oracle-linux-upgrade-gtk3-develoracle-linux-upgrade-gtk3-immodule-ximoracle-linux-upgrade-gtk-update-icon-cacheoracle-linux-upgrade-libraworacle-linux-upgrade-libraw-develoracle-linux-upgrade-libvncserveroracle-linux-upgrade-libvncserver-develoracle-linux-upgrade-libxsltoracle-linux-upgrade-libxslt-develoracle-linux-upgrade-mozjs52oracle-linux-upgrade-mozjs52-develoracle-linux-upgrade-mozjs60oracle-linux-upgrade-mozjs60-develoracle-linux-upgrade-mutteroracle-linux-upgrade-mutter-develoracle-linux-upgrade-nautilusoracle-linux-upgrade-nautilus-develoracle-linux-upgrade-nautilus-extensionsoracle-linux-upgrade-valaoracle-linux-upgrade-vala-develoracle-linux-upgrade-vinagre
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.