CVE-2018-12560

Priority
Description
An issue was discovered in the cantata-mounter D-Bus service in Cantata
through 2.3.1. Arbitrary unmounts can be performed by regular users via
directory traversal sequences such as a home/../sys/kernel substring.
Notes
Package
Upstream:released (2.3.0.ds1-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (vulnerable code not built)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (vulnerable code not built)
Ubuntu 19.10 (Eoan Ermine):not-affected (2.3.0.ds1-2)
Ubuntu 20.04 (Focal Fossa):not-affected (2.3.0.ds1-2)
More Information

Updated: 2020-01-29 20:01:49 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)