CVE-2019-11461

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
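
The 64-bit filtering gap described above, modelled in plain C as an added example (not code from Nautilus, bubblewrap or the advisory). It assumes the Linux asm-generic value 0x5412 for TIOCSTI, uses hypothetical function names and constructed sample values, and compares an exact 64-bit match (the semantics of libseccomp's SCMP_CMP_EQ) with a match on the low 32 bits only (SCMP_CMP_MASKED_EQ with mask 0xFFFFFFFF).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TIOCSTI request number on Linux (asm-generic/ioctls.h); assumed here so the
   example builds without terminal headers. */
#define REQ_TIOCSTI 0x5412u

/* The ioctl syscall takes `unsigned int cmd`, so the kernel acts on the low
   32 bits only, while a seccomp filter sees the full 64-bit argument. */
static uint32_t kernel_cmd(uint64_t arg1) { return (uint32_t)arg1; }

/* Weak rule: exact 64-bit comparison (semantics of SCMP_CMP_EQ). */
static int deny_exact(uint64_t arg1) { return arg1 == (uint64_t)REQ_TIOCSTI; }

/* Hardened rule: compare the low 32 bits only (semantics of
   SCMP_CMP_MASKED_EQ with mask 0xFFFFFFFF). */
static int deny_masked(uint64_t arg1) {
    return (arg1 & UINT64_C(0xFFFFFFFF)) == (uint64_t)REQ_TIOCSTI;
}

typedef int (*deny_fn)(uint64_t);

/* Count samples the kernel would treat as TIOCSTI that the rule lets through. */
static size_t filter_gaps(deny_fn deny, const uint64_t *args, size_t n) {
    size_t gaps = 0;
    for (size_t i = 0; i < n; i++)
        if (kernel_cmd(args[i]) == REQ_TIOCSTI && !deny(args[i]))
            gaps++;
    return gaps;
}

/* Constructed ioctl request values as a 64-bit filter would see them. */
static const uint64_t SAMPLE_ARGS[] = {
    UINT64_C(0x0000000000005412), /* plain TIOCSTI */
    UINT64_C(0x0000000100005412), /* TIOCSTI with upper bits set */
    UINT64_C(0xFFFFFFFF00005412), /* TIOCSTI with upper bits set */
    UINT64_C(0x0000000000005401), /* TCGETS, must stay allowed */
};
#define N_SAMPLES (sizeof SAMPLE_ARGS / sizeof SAMPLE_ARGS[0])

int main(void) {
    printf("exact rule gaps:  %zu\n", filter_gaps(deny_exact, SAMPLE_ARGS, N_SAMPLES));
    printf("masked rule gaps: %zu\n", filter_gaps(deny_masked, SAMPLE_ARGS, N_SAMPLES));
    return 0;
}
```

A sandbox's seccomp rules can be audited the same way: any deny rule on an ioctl request number should compare only the 32 bits the kernel actually uses.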

CVSS 3.x

Provider  Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  7.8 HIGH    LOCAL        HIGH             LOW             CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score
Percentile: 16%

Affected Products (NVD)

Vendor  Product   Version
gnome   nautilus  3.30 ≤ x < 3.30.6
gnome   nautilus  3.32 ≤ x < 3.32.1

x = Vulnerable software versions

Debian Releases

Debian Product  Codename  Version           Status
nautilus        bookworm  43.2-1            fixed
nautilus        bullseye  3.38.2-1+deb11u1  fixed
nautilus        jessie    -                 not-affected
nautilus        sid       47.0-2            fixed
nautilus        stretch   -                 not-affected
nautilus        trixie    47.0-2            fixed

Ubuntu Releases

Ubuntu Product  Codename  Version                          Status
nautilus        bionic    -                                not-affected
nautilus        cosmic    -                                not-affected
nautilus        disco     Fixed 1:3.32.1-0ubuntu0.19.04.0  released
nautilus        trusty    -                                dne
nautilus        xenial    -                                not-affected

openSUSE / SLES Releases

openSUSE Product
  Release                         Version            Status

flatpak
  suse enterprise desktop 15      0.10.4-4.10.1      fixed
  suse enterprise sap 15          0.10.4-4.10.1      fixed
  suse enterprise server 15       0.10.4-4.10.1      fixed

flatpak-devel
  suse enterprise desktop 15      0.10.4-4.10.1      fixed
  suse enterprise sap 15          0.10.4-4.10.1      fixed
  suse enterprise server 15       0.10.4-4.10.1      fixed

gnome-shell-search-provider-nautilus
  suse enterprise desktop 15 SP2  3.34.2-2.25        fixed
  suse enterprise desktop 15 SP3  3.34.3-4.3.1       fixed
  suse enterprise desktop 15 SP4  41.2-150400.1.8    fixed
  suse enterprise desktop 15 SP5  41.5-150400.3.6.1  fixed
  suse enterprise desktop 15 SP6  45.2.1-150600.1.4  fixed
  suse enterprise desktop 15 SP7  45.2.1-150600.1.4  fixed
  suse enterprise sap 15 SP2      3.34.2-2.25        fixed
  suse enterprise sap 15 SP3      3.34.3-4.3.1       fixed
  suse enterprise sap 15 SP4      41.2-150400.1.8    fixed
  suse enterprise sap 15 SP5      41.5-150400.3.6.1  fixed
  suse enterprise sap 15 SP6      45.2.1-150600.1.4  fixed
  suse enterprise sap 15 SP7      45.2.1-150600.1.4  fixed
  suse enterprise server 15 SP2   3.34.2-2.25        fixed
  suse enterprise server 15 SP3   3.34.3-4.3.1       fixed
  suse enterprise server 15 SP4   41.2-150400.1.8    fixed
  suse enterprise server 15 SP5   41.5-150400.3.6.1  fixed
  suse enterprise server 15 SP6   45.2.1-150600.1.4  fixed
  suse enterprise server 15 SP7   45.2.1-150600.1.4  fixed

libflatpak0
  suse enterprise desktop 15      0.10.4-4.10.1      fixed
  suse enterprise sap 15          0.10.4-4.10.1      fixed
  suse enterprise server 15       0.10.4-4.10.1      fixed

libnautilus-extension1
  suse enterprise desktop 15 SP2  3.34.2-2.25        fixed
  suse enterprise desktop 15 SP3  3.34.3-4.3.1       fixed
  suse enterprise desktop 15 SP4  41.2-150400.1.8    fixed
  suse enterprise desktop 15 SP5  41.5-150400.3.6.1  fixed
  suse enterprise desktop 15 SP6  41.5-150400.3.6.1  fixed
  suse enterprise desktop 15 SP7  41.5-150400.3.6.1  fixed
  suse enterprise sap 15 SP2      3.34.2-2.25        fixed
  suse enterprise sap 15 SP3      3.34.3-4.3.1       fixed
  suse enterprise sap 15 SP4      41.2-150400.1.8    fixed
  suse enterprise sap 15 SP5      41.5-150400.3.6.1  fixed
  suse enterprise sap 15 SP6      41.5-150400.3.6.1  fixed
  suse enterprise sap 15 SP7      41.5-150400.3.6.1  fixed
  suse enterprise server 15 SP2   3.34.2-2.25        fixed
  suse enterprise server 15 SP3   3.34.3-4.3.1       fixed
  suse enterprise server 15 SP4   41.2-150400.1.8    fixed
  suse enterprise server 15 SP5   41.5-150400.3.6.1  fixed
  suse enterprise server 15 SP6   41.5-150400.3.6.1  fixed
  suse enterprise server 15 SP7   41.5-150400.3.6.1  fixed

libnautilus-extension4
  suse enterprise desktop 15 SP6  45.2.1-150600.1.4  fixed
  suse enterprise desktop 15 SP7  45.2.1-150600.1.4  fixed
  suse enterprise sap 15 SP6      45.2.1-150600.1.4  fixed
  suse enterprise sap 15 SP7      45.2.1-150600.1.4  fixed
  suse enterprise server 15 SP6   45.2.1-150600.1.4  fixed
  suse enterprise server 15 SP7   45.2.1-150600.1.4  fixed

nautilus
  suse enterprise desktop 15 SP2  3.34.2-2.25        fixed
  suse enterprise desktop 15 SP3  3.34.3-4.3.1       fixed
  suse enterprise desktop 15 SP4  41.2-150400.1.8    fixed
  suse enterprise desktop 15 SP5  41.5-150400.3.6.1  fixed
  suse enterprise desktop 15 SP6  45.2.1-150600.1.4  fixed
  suse enterprise desktop 15 SP7  45.2.1-150600.1.4  fixed
  suse enterprise sap 15 SP2      3.34.2-2.25        fixed
  suse enterprise sap 15 SP3      3.34.3-4.3.1       fixed
  suse enterprise sap 15 SP4      41.2-150400.1.8    fixed
  suse enterprise sap 15 SP5      41.5-150400.3.6.1  fixed
  suse enterprise sap 15 SP6      45.2.1-150600.1.4  fixed
  suse enterprise sap 15 SP7      45.2.1-150600.1.4  fixed
  suse enterprise server 15 SP2   3.34.2-2.25        fixed
  suse enterprise server 15 SP3   3.34.3-4.3.1       fixed
  suse enterprise server 15 SP4   41.2-150400.1.8    fixed
  suse enterprise server 15 SP5   41.5-150400.3.6.1  fixed
  suse enterprise server 15 SP6   45.2.1-150600.1.4  fixed
  suse enterprise server 15 SP7   45.2.1-150600.1.4  fixed

nautilus-devel
  suse enterprise desktop 15 SP2  3.34.2-2.25        fixed
  suse enterprise desktop 15 SP3  3.34.3-4.3.1       fixed
  suse enterprise desktop 15 SP4  41.2-150400.1.8    fixed
  suse enterprise desktop 15 SP5  41.5-150400.3.6.1  fixed
  suse enterprise desktop 15 SP6  45.2.1-150600.1.4  fixed
  suse enterprise desktop 15 SP7  45.2.1-150600.1.4  fixed
  suse enterprise sap 15 SP2      3.34.2-2.25        fixed
  suse enterprise sap 15 SP3      3.34.3-4.3.1       fixed
  suse enterprise sap 15 SP4      41.2-150400.1.8    fixed
  suse enterprise sap 15 SP5      41.5-150400.3.6.1  fixed
  suse enterprise sap 15 SP6      45.2.1-150600.1.4  fixed
  suse enterprise sap 15 SP7      45.2.1-150600.1.4  fixed
  suse enterprise server 15 SP2   3.34.2-2.25        fixed
  suse enterprise server 15 SP3   3.34.3-4.3.1       fixed
  suse enterprise server 15 SP4   41.2-150400.1.8    fixed
  suse enterprise server 15 SP5   41.5-150400.3.6.1  fixed
  suse enterprise server 15 SP6   45.2.1-150600.1.4  fixed
  suse enterprise server 15 SP7   45.2.1-150600.1.4  fixed

nautilus-lang
  suse enterprise desktop 15 SP2  3.34.2-2.25        fixed
  suse enterprise desktop 15 SP3  3.34.3-4.3.1       fixed
  suse enterprise desktop 15 SP4  41.2-150400.1.8    fixed
  suse enterprise desktop 15 SP5  41.5-150400.3.6.1  fixed
  suse enterprise desktop 15 SP6  45.2.1-150600.1.4  fixed
  suse enterprise desktop 15 SP7  45.2.1-150600.1.4  fixed
  suse enterprise sap 15 SP2      3.34.2-2.25        fixed
  suse enterprise sap 15 SP3      3.34.3-4.3.1       fixed
  suse enterprise sap 15 SP4      41.2-150400.1.8    fixed
  suse enterprise sap 15 SP5      41.5-150400.3.6.1  fixed
  suse enterprise sap 15 SP6      45.2.1-150600.1.4  fixed
  suse enterprise sap 15 SP7      45.2.1-150600.1.4  fixed
  suse enterprise server 15 SP2   3.34.2-2.25        fixed
  suse enterprise server 15 SP3   3.34.3-4.3.1       fixed
  suse enterprise server 15 SP4   41.2-150400.1.8    fixed
  suse enterprise server 15 SP5   41.5-150400.3.6.1  fixed
  suse enterprise server 15 SP6   45.2.1-150600.1.4  fixed
  suse enterprise server 15 SP7   45.2.1-150600.1.4  fixed

typelib-1_0-Flatpak-1_0
  suse enterprise desktop 15      0.10.4-4.10.1      fixed
  suse enterprise sap 15          0.10.4-4.10.1      fixed
  suse enterprise server 15       0.10.4-4.10.1      fixed

typelib-1_0-Nautilus-3_0
  suse enterprise desktop 15 SP2  3.34.2-2.25        fixed
  suse enterprise desktop 15 SP3  3.34.3-4.3.1       fixed
  suse enterprise desktop 15 SP4  41.2-150400.1.8    fixed
  suse enterprise desktop 15 SP5  41.5-150400.3.6.1  fixed
  suse enterprise sap 15 SP2      3.34.2-2.25        fixed
  suse enterprise sap 15 SP3      3.34.3-4.3.1       fixed
  suse enterprise sap 15 SP4      41.2-150400.1.8    fixed
  suse enterprise sap 15 SP5      41.5-150400.3.6.1  fixed
  suse enterprise server 15 SP2   3.34.2-2.25        fixed
  suse enterprise server 15 SP3   3.34.3-4.3.1       fixed
  suse enterprise server 15 SP4   41.2-150400.1.8    fixed
  suse enterprise server 15 SP5   41.5-150400.3.6.1  fixed

typelib-1_0-Nautilus-4_0
  suse enterprise desktop 15 SP6  45.2.1-150600.1.4  fixed
  suse enterprise desktop 15 SP7  45.2.1-150600.1.4  fixed
  suse enterprise sap 15 SP6      45.2.1-150600.1.4  fixed
  suse enterprise sap 15 SP7      45.2.1-150600.1.4  fixed
  suse enterprise server 15 SP6   45.2.1-150600.1.4  fixed
  suse enterprise server 15 SP7   45.2.1-150600.1.4  fixed