CVE-2019-12448 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 54%

Affected Products (NVD)

Vendor	Product	Version
gnome	gvfs	1.29.4 ≤ 𝑥 ≤ 1.41.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

gvfs

bookworm	1.50.3-1 fixed
bullseye	1.46.2-1 fixed
jessie	not-affected
sid	1.56.1-1 fixed
stretch	no-dsa
trixie	1.56.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

gvfs

bionic	Fixed 1.36.1-0ubuntu1.3.3 released
cosmic	Fixed 1.38.1-0ubuntu1.3.2 released
disco	Fixed 1.40.1-1ubuntu0.1 released
trusty	dne
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

gvfs

suse enterprise desktop 15	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP2	1.42.2-4.24 fixed
suse enterprise desktop 15 SP3	1.42.2-4.24 fixed
suse enterprise desktop 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise desktop 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise desktop 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise desktop 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise sap 15	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP2	1.42.2-4.24 fixed
suse enterprise sap 15 SP3	1.42.2-4.24 fixed
suse enterprise sap 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise sap 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise sap 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise sap 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise server 15	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP2	1.42.2-4.24 fixed
suse enterprise server 15 SP3	1.42.2-4.24 fixed
suse enterprise server 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise server 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise server 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise server 15 SP7	1.52.2-150600.1.6 fixed

gvfs-backend-afc

suse enterprise desktop 15	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP2	1.42.2-4.24 fixed
suse enterprise desktop 15 SP3	1.42.2-4.24 fixed
suse enterprise desktop 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise desktop 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise desktop 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise desktop 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise sap 15	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP2	1.42.2-4.24 fixed
suse enterprise sap 15 SP3	1.42.2-4.24 fixed
suse enterprise sap 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise sap 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise sap 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise sap 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise server 15	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP2	1.42.2-4.24 fixed
suse enterprise server 15 SP3	1.42.2-4.24 fixed
suse enterprise server 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise server 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise server 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise server 15 SP7	1.52.2-150600.1.6 fixed

gvfs-backend-samba

suse enterprise desktop 15	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP2	1.42.2-4.24 fixed
suse enterprise desktop 15 SP3	1.42.2-4.24 fixed
suse enterprise desktop 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise desktop 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise desktop 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise desktop 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise sap 15	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP2	1.42.2-4.24 fixed
suse enterprise sap 15 SP3	1.42.2-4.24 fixed
suse enterprise sap 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise sap 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise sap 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise sap 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise server 15	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP2	1.42.2-4.24 fixed
suse enterprise server 15 SP3	1.42.2-4.24 fixed
suse enterprise server 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise server 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise server 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise server 15 SP7	1.52.2-150600.1.6 fixed

gvfs-backends

suse enterprise desktop 15	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP2	1.42.2-4.24 fixed
suse enterprise desktop 15 SP3	1.42.2-4.24 fixed
suse enterprise desktop 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise desktop 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise desktop 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise desktop 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise sap 15	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP2	1.42.2-4.24 fixed
suse enterprise sap 15 SP3	1.42.2-4.24 fixed
suse enterprise sap 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise sap 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise sap 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise sap 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise server 15	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP2	1.42.2-4.24 fixed
suse enterprise server 15 SP3	1.42.2-4.24 fixed
suse enterprise server 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise server 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise server 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise server 15 SP7	1.52.2-150600.1.6 fixed

gvfs-devel

suse enterprise desktop 15	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP2	1.42.2-4.24 fixed
suse enterprise desktop 15 SP3	1.42.2-4.24 fixed
suse enterprise desktop 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise desktop 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise desktop 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise desktop 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise sap 15	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP2	1.42.2-4.24 fixed
suse enterprise sap 15 SP3	1.42.2-4.24 fixed
suse enterprise sap 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise sap 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise sap 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise sap 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise server 15	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP2	1.42.2-4.24 fixed
suse enterprise server 15 SP3	1.42.2-4.24 fixed
suse enterprise server 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise server 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise server 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise server 15 SP7	1.52.2-150600.1.6 fixed

gvfs-fuse

suse enterprise desktop 15	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP2	1.42.2-4.24 fixed
suse enterprise desktop 15 SP3	1.42.2-4.24 fixed
suse enterprise desktop 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise desktop 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise desktop 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise desktop 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise sap 15	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP2	1.42.2-4.24 fixed
suse enterprise sap 15 SP3	1.42.2-4.24 fixed
suse enterprise sap 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise sap 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise sap 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise sap 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise server 15	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP2	1.42.2-4.24 fixed
suse enterprise server 15 SP3	1.42.2-4.24 fixed
suse enterprise server 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise server 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise server 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise server 15 SP7	1.52.2-150600.1.6 fixed

gvfs-lang

suse enterprise desktop 15	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise desktop 15 SP2	1.42.2-4.24 fixed
suse enterprise desktop 15 SP3	1.42.2-4.24 fixed
suse enterprise desktop 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise desktop 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise desktop 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise desktop 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise sap 15	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise sap 15 SP2	1.42.2-4.24 fixed
suse enterprise sap 15 SP3	1.42.2-4.24 fixed
suse enterprise sap 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise sap 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise sap 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise sap 15 SP7	1.52.2-150600.1.6 fixed
suse enterprise server 15	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP1	1.34.2.1-4.13.1 fixed
suse enterprise server 15 SP2	1.42.2-4.24 fixed
suse enterprise server 15 SP3	1.42.2-4.24 fixed
suse enterprise server 15 SP4	1.48.1-150400.2.17 fixed
suse enterprise server 15 SP5	1.48.2-150400.4.6.1 fixed
suse enterprise server 15 SP6	1.52.2-150600.1.6 fixed
suse enterprise server 15 SP7	1.52.2-150600.1.6 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

LibRaw

RHEL 8

0:0.19.5-1.el8

fixed

LibRaw-devel

RHEL 8

0:0.19.5-1.el8

fixed

accountsservice

RHEL 8

0:0.6.50-8.el8

fixed

accountsservice-devel

RHEL 8

0:0.6.50-8.el8

fixed

accountsservice-libs

RHEL 8

0:0.6.50-8.el8

fixed

appstream-data

RHEL 8

0:8-20191129.el8

fixed

baobab

RHEL 8

0:3.28.0-4.el8

fixed

clutter

RHEL 8

0:1.26.2-8.el8

fixed

clutter-devel

RHEL 8

0:1.26.2-8.el8

fixed

clutter-doc

RHEL 8

0:1.26.2-8.el8

fixed

evince

RHEL 8

0:3.28.4-4.el8

fixed

evince-browser-plugin

RHEL 8

0:3.28.4-4.el8

fixed

evince-libs

RHEL 8

0:3.28.4-4.el8

fixed

evince-nautilus

RHEL 8

0:3.28.4-4.el8

fixed

gdm

RHEL 8

1:3.28.3-29.el8

fixed

gjs

RHEL 8

0:1.56.2-4.el8

fixed

gjs-devel

RHEL 8

0:1.56.2-4.el8

fixed

gnome-boxes

RHEL 8

0:3.28.5-8.el8

fixed

gnome-control-center

RHEL 8

0:3.28.2-19.el8

fixed

gnome-control-center-filesystem

RHEL 8

0:3.28.2-19.el8

fixed

gnome-menus

RHEL 8

0:3.13.3-11.el8

fixed

gnome-menus-devel

RHEL 8

0:3.13.3-11.el8

fixed

gnome-online-accounts

RHEL 8

0:3.28.2-1.el8

fixed

gnome-online-accounts-devel

RHEL 8

0:3.28.2-1.el8

fixed

gnome-remote-desktop

RHEL 8

0:0.1.6-8.el8

fixed

gnome-session

RHEL 8

0:3.28.1-8.el8

fixed

gnome-session-wayland-session

RHEL 8

0:3.28.1-8.el8

fixed

gnome-session-xsession

RHEL 8

0:3.28.1-8.el8

fixed

gnome-settings-daemon

RHEL 8

0:3.32.0-9.el8

fixed

gnome-shell

RHEL 8

0:3.32.2-14.el8

fixed

gnome-software

RHEL 8

0:3.30.6-3.el8

fixed

gnome-software-editor

RHEL 8

0:3.30.6-3.el8

fixed

gnome-terminal

RHEL 8

0:3.28.3-1.el8

fixed

gnome-terminal-nautilus

RHEL 8

0:3.28.3-1.el8

fixed

gnome-tweaks

RHEL 8

0:3.28.1-7.el8

fixed

gsettings-desktop-schemas

RHEL 8

0:3.32.0-4.el8

fixed

gsettings-desktop-schemas-devel

RHEL 8

0:3.32.0-4.el8

fixed

gtk-update-icon-cache

RHEL 8

0:3.22.30-5.el8

fixed

gtk3

RHEL 8

0:3.22.30-5.el8

fixed

gtk3-devel

RHEL 8

0:3.22.30-5.el8

fixed

gtk3-immodule-xim

RHEL 8

0:3.22.30-5.el8

fixed

gvfs

RHEL 8

0:1.36.2-8.el8

fixed

gvfs-afc

RHEL 8

0:1.36.2-8.el8

fixed

gvfs-afp

RHEL 8

0:1.36.2-8.el8

fixed

gvfs-archive

RHEL 8

0:1.36.2-8.el8

fixed

gvfs-client

RHEL 8

0:1.36.2-8.el8

fixed

gvfs-devel

RHEL 8

0:1.36.2-8.el8

fixed

gvfs-fuse

RHEL 8

0:1.36.2-8.el8

fixed

gvfs-goa

RHEL 8

0:1.36.2-8.el8

fixed

gvfs-gphoto2

RHEL 8

0:1.36.2-8.el8

fixed

gvfs-mtp

RHEL 8

0:1.36.2-8.el8

fixed

gvfs-smb

RHEL 8

0:1.36.2-8.el8

fixed

libvncserver

RHEL 8

0:0.9.11-14.el8

fixed

libvncserver-devel

RHEL 8

0:0.9.11-14.el8

fixed

libxslt

RHEL 8

0:1.1.32-4.el8

fixed

libxslt-devel

RHEL 8

0:1.1.32-4.el8

fixed

mozjs52

RHEL 8

0:52.9.0-2.el8

fixed

mozjs52-devel

RHEL 8

0:52.9.0-2.el8

fixed

mozjs60

RHEL 8

0:60.9.0-4.el8

fixed

mozjs60-devel

RHEL 8

0:60.9.0-4.el8

fixed

mutter

RHEL 8

0:3.32.2-34.el8

fixed

mutter-devel

RHEL 8

0:3.32.2-34.el8

fixed

nautilus

RHEL 8

0:3.28.1-12.el8

fixed

nautilus-devel

RHEL 8

0:3.28.1-12.el8

fixed

nautilus-extensions

RHEL 8

0:3.28.1-12.el8

fixed

vala

RHEL 8

0:0.40.19-1.el8

fixed

vala-devel

RHEL 8

0:0.40.19-1.el8

fixed

vinagre

RHEL 8

0:3.22.0-21.el8

fixed

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html

http://www.openwall.com/lists/oss-security/2019/07/09/3

https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/

https://usn.ubuntu.com/4053-1/

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html

http://www.openwall.com/lists/oss-security/2019/07/09/3

https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/

https://usn.ubuntu.com/4053-1/