VDB
GCVE-110-MAGEIA-2019-214
GCVE-110-MAGEIA-2019-214
Advisory Published
Updated gvfs package fixes security vulnerabilities:
* daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid
is not used (CVE-2019-12447).
* daemon/gvfsbackendadmin.c has race conditions because the admin backend
doesn't implement query_info_on_read/write (CVE-2019-12448).
* daemon/gvfsbackendadmin.c mishandles a file's user and group ownership
during move (and copy with G_FILE_COPY_ALL_METADATA) operations from
admin:// to file:// URIs, because root privileges are unavailable
(CVE-2019-12449).
* daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x
before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server
socket without configuring an authorization rule (CVE-2019-12795)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | gvfs | 0 (affected), 1.32.1-1.2.mga6 (unaffected), 0 (affected), 1.32.1-1.2.mga6 (unaffected) | — |
| Mageia | gvfs | 0 (affected), 1.40.1-4.1.mga7 (unaffected), 0 (affected), 1.40.1-4.1.mga7 (unaffected) | — |
| Mageia | mgaonline | 0 (affected), 3.24.2-1.mga6 (unaffected) | — |
References
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.