CVE-2019-13012 (retired)

Priority
Description
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0
creates directories using g_file_make_directory_with_parents (kfsb->dir,
NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents,
length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).
Consequently, it does not properly restrict directory (and file)
permissions. Instead, for directories, 0777 permissions are used; for
files, default file permissions are used. This is similar to
CVE-2019-12450.
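The permission outcome described above, reduced to plain POSIX calls as an added example (this is not GLib's code or the upstream patch). The helper name `mode_after_create` and the scratch path are illustrative, and the 0666 file mode standing in for "default file permissions" is an assumption.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a directory (is_dir != 0) or a file inside a private scratch
 * directory, asking for `requested` permissions while `mask` is the
 * process umask. Returns the permission bits on disk, or -1 on error. */
static int mode_after_create(int is_dir, mode_t requested, mode_t mask)
{
    char scratch[] = "/tmp/kfsb-demo-XXXXXX";   /* constructed location */
    char path[64];
    struct stat st;
    int result = -1;

    if (mkdtemp(scratch) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/keyfile", scratch);

    mode_t old = umask(mask);
    if (is_dir) {
        if (mkdir(path, requested) == 0 && stat(path, &st) == 0)
            result = (int)(st.st_mode & 0777);
        rmdir(path);
    } else {
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
        if (fd >= 0) {
            if (fstat(fd, &st) == 0)
                result = (int)(st.st_mode & 0777);
            close(fd);
        }
        unlink(path);
    }
    umask(old);
    rmdir(scratch);
    return result;
}

int main(void)
{
    /* Requesting 0777/0666 leaves the outcome to the caller's umask. */
    printf("dir  0777, umask 022: %04o\n", mode_after_create(1, 0777, 022));
    printf("dir  0777, umask 000: %04o\n", mode_after_create(1, 0777, 000));
    printf("file 0666, umask 022: %04o\n", mode_after_create(0, 0666, 022));
    /* Requesting owner-only modes is safe whatever the umask is. */
    printf("dir  0700, umask 000: %04o\n", mode_after_create(1, 0700, 000));
    printf("file 0600, umask 000: %04o\n", mode_after_create(0, 0600, 000));
    return 0;
}
```

With a permissive umask the 0777 and 0666 requests yield group- and world-accessible settings paths, while the explicit 0700 and 0600 requests stay owner-only regardless of umask.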
Assigned-to
leosilva
Package
Upstream: released (2.59.1)
Ubuntu 12.04 ESM (Precise Pangolin): released (2.32.4-0ubuntu1.4)
Ubuntu 14.04 ESM (Trusty Tahr): released (2.40.2-0ubuntu1.1+esm3)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.48.2-0ubuntu4.4)
Ubuntu 18.04 LTS (Bionic Beaver): released (2.56.4-0ubuntu0.18.04.4)
Ubuntu 19.04 (Disco Dingo): not-affected (2.60.4-0ubuntu0.19.04.1)
Ubuntu 19.10 (Eoan): not-affected (2.60.4-1)
Patches:
Upstream: https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429
Upstream: https://gitlab.gnome.org/GNOME/glib/commit/54317c9118bfffa4e9390945f88e63addc1cb69c
More Information

Updated: 2019-08-06 13:14:55 UTC (commit 957f6e5bbe650520abdc7a1d0ae59eff5f07f423)