CVE-2019-12450: glib2: file_copy_fallback does not restrict file permissions
Bug #1902995 reported by Ghada Khalil
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | High | Michel Thebeau [WIND] |
Bug Description
CVE-2019-12450: glib2: file_copy_fallback does not restrict file permissions
CVSSv2: 7.5 (AV:N/AC:
Description:
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
References:
https:/
https:/
https:/
Required package version:
glib2-2.56.1-7.el7
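
The failure mode in the description above, seen from the defensive side, as an added example (not GLib's code and not the StarlingX fix): a POSIX file copy that creates the destination owner-only and applies the source's permission bits only after all data is written. The function names, the temp directory and the sample file are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy src to dst. dst is created owner-only (0600, O_EXCL so an existing
 * file or symlink is refused) and gets src's mode only after all data is
 * written. *mid (optional) receives dst's mode as it was during the copy. */
int copy_private(const char *src, const char *dst, mode_t *mid)
{
    struct stat st, now;
    char buf[4096]; ssize_t n;
    int rc = -1, out = -1, in = open(src, O_RDONLY);
    if (in < 0 || fstat(in, &st) < 0) goto done;
    out = open(dst, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (out < 0) goto done;
    while ((n = read(in, buf, sizeof buf)) > 0)
        for (ssize_t off = 0, w; off < n; off += w)
            if ((w = write(out, buf + off, (size_t)(n - off))) < 0) goto done;
    if (n < 0) goto done;
    if (mid && fstat(out, &now) == 0) *mid = now.st_mode & 0777;
    if (fchmod(out, st.st_mode & 0777) == 0) rc = 0;  /* widen last */
done:
    if (in >= 0) close(in);
    if (out >= 0 && close(out) < 0) rc = -1;
    if (rc != 0 && out >= 0) unlink(dst);  /* leave no partial copy */
    return rc;
}

/* Constructed demo input: a 0644 file in a fresh temp directory.
 * Returns dst's mode during the copy (final == 0) or afterwards. */
int demo_mode(int final)
{
    char dir[] = "/tmp/copydemoXXXXXX", src[64], dst[64];
    struct stat st; mode_t mid = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(src, sizeof src, "%s/src", dir);
    snprintf(dst, sizeof dst, "%s/dst", dir);
    int fd = open(src, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "secret\n", 7) != 7 || fchmod(fd, 0644) < 0) return -1;
    close(fd);
    int rc = copy_private(src, dst, &mid);
    if (rc == 0 && stat(dst, &st) < 0) rc = -1;
    unlink(src); unlink(dst); rmdir(dir);
    return rc ? -1 : final ? (int)(st.st_mode & 0777) : (int)mid;
}
int main(void) { printf("%o %o\n", (unsigned)demo_mode(0), (unsigned)demo_mode(1)); return 0; }
```

Creating the destination with default permissions instead leaves it readable to whatever the umask allows for the whole duration of the copy, which is the window the CVE describes.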
Applicable to stx master (aka stx.5.0) as well as stx.4.0.
The process is to address the CVE in stx master first and then cherrypick to the appropriate release branches after some soak time.