CVE-2019-11460

An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 9 CRITICAL | NETWORK | HIGH | NONE | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |

EPSS Score percentile: 70%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-desktop | 3.30.0 ≤ 𝑥 < 3.30.2.2 |
| gnome | gnome-desktop | 3.32.0 ≤ 𝑥 < 3.32.1.1 |
| gnome | gnome-desktop | 3.26.0 |
| gnome | gnome-desktop | 3.28.0 |

𝑥 = Vulnerable software versions

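Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| gnome-desktop3 | bullseye | 3.38.5-3 | fixed |
| gnome-desktop3 | buster | | no-dsa |
| gnome-desktop3 | jessie | | not-affected |
| gnome-desktop3 | stretch | | not-affected |
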
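Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| gnome-desktop3 | bionic | Fixed 3.28.2-0ubuntu1.3 | released |
| gnome-desktop3 | cosmic | Fixed 3.30.1-1ubuntu1.1 | released |
| gnome-desktop3 | disco | Fixed 3.32.1-1ubuntu1.1 | released |
| gnome-desktop3 | trusty | | dne |
| gnome-desktop3 | xenial | | not-affected |
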
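openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| flatpak | suse enterprise desktop 15 | 0.10.4-4.10.1 | fixed |
| flatpak | suse enterprise sap 15 | 0.10.4-4.10.1 | fixed |
| flatpak | suse enterprise server 15 | 0.10.4-4.10.1 | fixed |
| flatpak-devel | suse enterprise desktop 15 | 0.10.4-4.10.1 | fixed |
| flatpak-devel | suse enterprise sap 15 | 0.10.4-4.10.1 | fixed |
| flatpak-devel | suse enterprise server 15 | 0.10.4-4.10.1 | fixed |
| gnome-desktop-lang | suse enterprise desktop 15 SP2 | 3.34.4-1.32 | fixed |
| gnome-desktop-lang | suse enterprise desktop 15 SP3 | 3.34.7-3.3.2 | fixed |
| gnome-desktop-lang | suse enterprise desktop 15 SP4 | 41.2-150400.1.7 | fixed |
| gnome-desktop-lang | suse enterprise desktop 15 SP5 | 41.8-150400.3.3.1 | fixed |
| gnome-desktop-lang | suse enterprise desktop 15 SP6 | 44.0-150600.1.3 | fixed |
| gnome-desktop-lang | suse enterprise desktop 15 SP7 | 44.0-150600.1.3 | fixed |
| gnome-desktop-lang | suse enterprise sap 15 SP2 | 3.34.4-1.32 | fixed |
| gnome-desktop-lang | suse enterprise sap 15 SP3 | 3.34.7-3.3.2 | fixed |
| gnome-desktop-lang | suse enterprise sap 15 SP4 | 41.2-150400.1.7 | fixed |
| gnome-desktop-lang | suse enterprise sap 15 SP5 | 41.8-150400.3.3.1 | fixed |
| gnome-desktop-lang | suse enterprise sap 15 SP6 | 44.0-150600.1.3 | fixed |
| gnome-desktop-lang | suse enterprise sap 15 SP7 | 44.0-150600.1.3 | fixed |
| gnome-desktop-lang | suse enterprise server 15 SP2 | 3.34.4-1.32 | fixed |
| gnome-desktop-lang | suse enterprise server 15 SP3 | 3.34.7-3.3.2 | fixed |
| gnome-desktop-lang | suse enterprise server 15 SP4 | 41.2-150400.1.7 | fixed |
| gnome-desktop-lang | suse enterprise server 15 SP5 | 41.8-150400.3.3.1 | fixed |
| gnome-desktop-lang | suse enterprise server 15 SP6 | 44.0-150600.1.3 | fixed |
| gnome-desktop-lang | suse enterprise server 15 SP7 | 44.0-150600.1.3 | fixed |
| gnome-version | suse enterprise desktop 15 SP2 | 3.34.4-1.32 | fixed |
| gnome-version | suse enterprise desktop 15 SP3 | 3.34.7-3.3.2 | fixed |
| gnome-version | suse enterprise desktop 15 SP4 | 41.2-150400.1.7 | fixed |
| gnome-version | suse enterprise desktop 15 SP5 | 41.8-150400.3.3.1 | fixed |
| gnome-version | suse enterprise sap 15 SP2 | 3.34.4-1.32 | fixed |
| gnome-version | suse enterprise sap 15 SP3 | 3.34.7-3.3.2 | fixed |
| gnome-version | suse enterprise sap 15 SP4 | 41.2-150400.1.7 | fixed |
| gnome-version | suse enterprise sap 15 SP5 | 41.8-150400.3.3.1 | fixed |
| gnome-version | suse enterprise server 15 SP2 | 3.34.4-1.32 | fixed |
| gnome-version | suse enterprise server 15 SP3 | 3.34.7-3.3.2 | fixed |
| gnome-version | suse enterprise server 15 SP4 | 41.2-150400.1.7 | fixed |
| gnome-version | suse enterprise server 15 SP5 | 41.8-150400.3.3.1 | fixed |
| libflatpak0 | suse enterprise desktop 15 | 0.10.4-4.10.1 | fixed |
| libflatpak0 | suse enterprise sap 15 | 0.10.4-4.10.1 | fixed |
| libflatpak0 | suse enterprise server 15 | 0.10.4-4.10.1 | fixed |
| libgnome-desktop-3-18 | suse enterprise desktop 15 SP2 | 3.34.4-1.32 | fixed |
| libgnome-desktop-3-18 | suse enterprise desktop 15 SP3 | 3.34.7-3.3.2 | fixed |
| libgnome-desktop-3-18 | suse enterprise sap 15 SP2 | 3.34.4-1.32 | fixed |
| libgnome-desktop-3-18 | suse enterprise sap 15 SP3 | 3.34.7-3.3.2 | fixed |
| libgnome-desktop-3-18 | suse enterprise server 15 SP2 | 3.34.4-1.32 | fixed |
| libgnome-desktop-3-18 | suse enterprise server 15 SP3 | 3.34.7-3.3.2 | fixed |
| libgnome-desktop-3-19 | suse enterprise desktop 15 SP4 | 41.2-150400.1.7 | fixed |
| libgnome-desktop-3-19 | suse enterprise desktop 15 SP5 | 41.8-150400.3.3.1 | fixed |
| libgnome-desktop-3-19 | suse enterprise sap 15 SP4 | 41.2-150400.1.7 | fixed |
| libgnome-desktop-3-19 | suse enterprise sap 15 SP5 | 41.8-150400.3.3.1 | fixed |
| libgnome-desktop-3-19 | suse enterprise server 15 SP4 | 41.2-150400.1.7 | fixed |
| libgnome-desktop-3-19 | suse enterprise server 15 SP5 | 41.8-150400.3.3.1 | fixed |
| libgnome-desktop-3-20 | suse enterprise desktop 15 SP6 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3-20 | suse enterprise desktop 15 SP7 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3-20 | suse enterprise sap 15 SP6 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3-20 | suse enterprise sap 15 SP7 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3-20 | suse enterprise server 15 SP6 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3-20 | suse enterprise server 15 SP7 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3-devel | suse enterprise desktop 15 SP2 | 3.34.4-1.32 | fixed |
| libgnome-desktop-3-devel | suse enterprise desktop 15 SP3 | 3.34.7-3.3.2 | fixed |
| libgnome-desktop-3-devel | suse enterprise desktop 15 SP4 | 41.2-150400.1.7 | fixed |
| libgnome-desktop-3-devel | suse enterprise desktop 15 SP5 | 41.8-150400.3.3.1 | fixed |
| libgnome-desktop-3-devel | suse enterprise desktop 15 SP6 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3-devel | suse enterprise desktop 15 SP7 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3-devel | suse enterprise sap 15 SP2 | 3.34.4-1.32 | fixed |
| libgnome-desktop-3-devel | suse enterprise sap 15 SP3 | 3.34.7-3.3.2 | fixed |
| libgnome-desktop-3-devel | suse enterprise sap 15 SP4 | 41.2-150400.1.7 | fixed |
| libgnome-desktop-3-devel | suse enterprise sap 15 SP5 | 41.8-150400.3.3.1 | fixed |
| libgnome-desktop-3-devel | suse enterprise sap 15 SP6 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3-devel | suse enterprise sap 15 SP7 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3-devel | suse enterprise server 15 SP2 | 3.34.4-1.32 | fixed |
| libgnome-desktop-3-devel | suse enterprise server 15 SP3 | 3.34.7-3.3.2 | fixed |
| libgnome-desktop-3-devel | suse enterprise server 15 SP4 | 41.2-150400.1.7 | fixed |
| libgnome-desktop-3-devel | suse enterprise server 15 SP5 | 41.8-150400.3.3.1 | fixed |
| libgnome-desktop-3-devel | suse enterprise server 15 SP6 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3-devel | suse enterprise server 15 SP7 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3_0-common | suse enterprise desktop 15 SP2 | 3.34.4-1.32 | fixed |
| libgnome-desktop-3_0-common | suse enterprise desktop 15 SP3 | 3.34.7-3.3.2 | fixed |
| libgnome-desktop-3_0-common | suse enterprise desktop 15 SP4 | 41.2-150400.1.7 | fixed |
| libgnome-desktop-3_0-common | suse enterprise desktop 15 SP5 | 41.8-150400.3.3.1 | fixed |
| libgnome-desktop-3_0-common | suse enterprise desktop 15 SP6 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3_0-common | suse enterprise desktop 15 SP7 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3_0-common | suse enterprise sap 15 SP2 | 3.34.4-1.32 | fixed |
| libgnome-desktop-3_0-common | suse enterprise sap 15 SP3 | 3.34.7-3.3.2 | fixed |
| libgnome-desktop-3_0-common | suse enterprise sap 15 SP4 | 41.2-150400.1.7 | fixed |
| libgnome-desktop-3_0-common | suse enterprise sap 15 SP5 | 41.8-150400.3.3.1 | fixed |
| libgnome-desktop-3_0-common | suse enterprise sap 15 SP6 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3_0-common | suse enterprise sap 15 SP7 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3_0-common | suse enterprise server 15 SP2 | 3.34.4-1.32 | fixed |
| libgnome-desktop-3_0-common | suse enterprise server 15 SP3 | 3.34.7-3.3.2 | fixed |
| libgnome-desktop-3_0-common | suse enterprise server 15 SP4 | 41.2-150400.1.7 | fixed |
| libgnome-desktop-3_0-common | suse enterprise server 15 SP5 | 41.8-150400.3.3.1 | fixed |
| libgnome-desktop-3_0-common | suse enterprise server 15 SP6 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-3_0-common | suse enterprise server 15 SP7 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-4-2 | suse enterprise desktop 15 SP6 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-4-2 | suse enterprise desktop 15 SP7 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-4-2 | suse enterprise sap 15 SP6 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-4-2 | suse enterprise sap 15 SP7 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-4-2 | suse enterprise server 15 SP6 | 44.0-150600.1.3 | fixed |
| libgnome-desktop-4-2 | suse enterprise server 15 SP7 | 44.0-150600.1.3 | fixed |
| typelib-1_0-Flatpak-1_0 | suse enterprise desktop 15 | 0.10.4-4.10.1 | fixed |
| typelib-1_0-Flatpak-1_0 | suse enterprise sap 15 | 0.10.4-4.10.1 | fixed |
| typelib-1_0-Flatpak-1_0 | suse enterprise server 15 | 0.10.4-4.10.1 | fixed |
| typelib-1_0-GnomeBG-4_0 | suse enterprise desktop 15 SP6 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeBG-4_0 | suse enterprise desktop 15 SP7 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeBG-4_0 | suse enterprise sap 15 SP6 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeBG-4_0 | suse enterprise sap 15 SP7 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeBG-4_0 | suse enterprise server 15 SP6 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeBG-4_0 | suse enterprise server 15 SP7 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise desktop 15 SP2 | 3.34.4-1.32 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise desktop 15 SP3 | 3.34.7-3.3.2 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise desktop 15 SP4 | 41.2-150400.1.7 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise desktop 15 SP5 | 41.8-150400.3.3.1 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise desktop 15 SP6 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise desktop 15 SP7 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise sap 15 SP2 | 3.34.4-1.32 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise sap 15 SP3 | 3.34.7-3.3.2 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise sap 15 SP4 | 41.2-150400.1.7 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise sap 15 SP5 | 41.8-150400.3.3.1 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise sap 15 SP6 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise sap 15 SP7 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise server 15 SP2 | 3.34.4-1.32 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise server 15 SP3 | 3.34.7-3.3.2 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise server 15 SP4 | 41.2-150400.1.7 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise server 15 SP5 | 41.8-150400.3.3.1 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise server 15 SP6 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeDesktop-3_0 | suse enterprise server 15 SP7 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeDesktop-4_0 | suse enterprise desktop 15 SP6 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeDesktop-4_0 | suse enterprise desktop 15 SP7 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeDesktop-4_0 | suse enterprise sap 15 SP6 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeDesktop-4_0 | suse enterprise sap 15 SP7 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeDesktop-4_0 | suse enterprise server 15 SP6 | 44.0-150600.1.3 | fixed |
| typelib-1_0-GnomeDesktop-4_0 | suse enterprise server 15 SP7 | 44.0-150600.1.3 | fixed |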