CVE-2019-11460 (retired)

Priority
Description
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior
to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may
escape the bubblewrap sandbox used to confine thumbnailers by using the
TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's
controlling terminal, allowing an attacker to escape the sandbox if the
thumbnailer has a controlling terminal. This is due to improper filtering
of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): released (3.28.2-0ubuntu1.3)
Ubuntu 18.10 (Cosmic Cuttlefish): released (3.30.1-1ubuntu1.1)
Ubuntu 19.04 (Disco Dingo): released (3.32.1-1ubuntu1.1)
Ubuntu 19.10 (Eoan): released (3.32.2-1ubuntu1)
Patches:
Upstream: https://gitlab.gnome.org/GNOME/gnome-desktop/commit/02198486eb2d27928db86a685383ab4a0ff9b742 (3.28)
Upstream: https://gitlab.gnome.org/GNOME/gnome-desktop/commit/83949ed5800ec99953f5ee8d2bf8b90a69daa850 (3.30)
Upstream: https://gitlab.gnome.org/GNOME/gnome-desktop/commit/a5475e97c30682c0867bd99b78e7fe600129871a (3.32)

Updated: 2019-05-27 16:14:59 UTC (commit 27628ccade23c41d56994884e3cc292bf13680df)