Bug 1137001 – VUL-0: CVE-2019-12450: glib2: file_copy_fallback in gio/gfile.c does not properly restrict file permissions while a copy operation is in progress

Bug 1137001 - (CVE-2019-12450) VUL-0: CVE-2019-12450: glib2: file_copy_fallback in gio/gfile.c does not properly restrict file permissions while a copy operation is in progress

(CVE-2019-12450)
Summary:	VUL-0: CVE-2019-12450: glib2: file_copy_fallback in gio/gfile.c does not prop...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/233990/
Whiteboard:	CVSSv2:NVD:CVE-2019-12450:7.5:(AV:N/A...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-05-31 15:08 UTC by Alexandros Toptsoglou
Modified:	2019-09-04 05:56 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexandros Toptsoglou 2019-05-31 15:08:46 UTC

CVE-2019-12450

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not
properly restrict file permissions while a copy operation is in progress.
Instead, default permissions are used.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450
https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174

Comment 1 Alexandros Toptsoglou 2019-05-31 16:10:16 UTC

All codestreams except for SLE10-SP3 tracked as affected. Fix is available at [1] 

[1] https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174

Comment 2 Alexandros Toptsoglou 2019-05-31 16:12:06 UTC

More information: 

too lax permissions while copy is in progress
file_copy_fallback creates the destination file with default umask,
copies the data, and only then sets up the correct owner, group and
mode. So files may be accessible to other users while the copy is
happening. In the 4 different program paths that create the destination
file (calls to _g_local_file_output_stream_replace,
_g_local_file_output_stream_create, g_file_replace, g_file_create),
none specify G_FILE_CREATE_PRIVATE. The first two at least copy the
mode from the source file, but that still results in a too lax file
permissions when the program has different credentials than the source
file, e.g.:

A user with uid:gid=foo:staff starts a copy of a file with mode 0660
and owned foo:privileged to a network mount. During the copy, everybody
in the 'staff' group gets access to the file instead of only people in
the 'privileged' group.

Comment 6 Swamp Workflow Management 2019-06-21 13:26:05 UTC

SUSE-SU-2019:1594-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1103678,1137001
CVE References: CVE-2019-12450
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    glib2-2.54.3-4.15.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    glib2-2.54.3-4.15.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    glib2-2.54.3-4.15.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    glib2-2.54.3-4.15.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    glib2-2.54.3-4.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 7 Swamp Workflow Management 2019-06-21 13:50:53 UTC

SUSE-SU-2019:1596-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1107116,1107121,1111499,1137001
CVE References: CVE-2018-16428,CVE-2018-16429,CVE-2019-12450
Sources used:
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    glib2-2.38.2-7.9.2
SUSE Linux Enterprise Server 12-LTSS (src):    glib2-2.38.2-7.9.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Swamp Workflow Management 2019-06-24 13:26:07 UTC

SUSE-SU-2019:14102-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1137001
CVE References: CVE-2019-12450
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    glib2-2.22.5-0.8.39.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    glib2-2.22.5-0.8.39.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    glib2-2.22.5-0.8.39.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    glib2-2.22.5-0.8.39.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Swamp Workflow Management 2019-06-27 10:24:52 UTC

openSUSE-SU-2019:1650-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1103678,1137001
CVE References: CVE-2019-12450
Sources used:
openSUSE Leap 15.0 (src):    glib2-2.54.3-lp150.3.10.1

Comment 10 Swamp Workflow Management 2019-07-02 13:15:00 UTC

SUSE-SU-2019:1722-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1061599,1107116,1107121,1137001
CVE References: CVE-2018-16428,CVE-2018-16429,CVE-2019-12450
Sources used:
SUSE OpenStack Cloud 7 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Server 12-SP5 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Server 12-SP4 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Server 12-SP3 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Server 12-SP2-BCL (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Desktop 12-SP5 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Desktop 12-SP4 (src):    glib2-2.48.2-12.12.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    glib2-2.48.2-12.12.2
SUSE Enterprise Storage 4 (src):    glib2-2.48.2-12.12.2
SUSE CaaS Platform 3.0 (src):    glib2-2.48.2-12.12.2
OpenStack Cloud Magnum Orchestration 7 (src):    glib2-2.48.2-12.12.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 11 Marcus Meissner 2019-09-04 05:56:28 UTC

released