PT-2019-12321 · Gnome+2 · Gnome-Desktop+2

Published

2019-04-22

Updated

2024-06-15

CVE-2019-11460

CVSS v3.1

9.0

Critical

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GNOME gnome-desktop versions 3.26 through 3.30.2.1 GNOME gnome-desktop versions 3.32 through 3.32.1.0

Description The issue allows a compromised thumbnailer to escape the bubblewrap sandbox by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal. This is possible due to improper filtering of the TIOCSTI ioctl on 64-bit systems.

Recommendations For GNOME gnome-desktop versions 3.26 through 3.30.2.1, update to version 3.30.2.2 or later. For GNOME gnome-desktop versions 3.32 through 3.32.1.0, update to version 3.32.1.1 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2019-11460

OPENSUSE-SU-2019:2038-1

OPENSUSE-SU-2019_2038-1

OPENSUSE-SU-2022_3837-1

OPENSUSE-SU-2024:10796-1

SUSE-SU-2019:2185-1

SUSE-SU-2019_2185-1

SUSE-SU-2022:3837-1

USN-3994-1

Affected Products

Suse

Ubuntu

Gnome-Desktop

PT-2019-12321 · Gnome+2 · Gnome-Desktop+2

CVE-2019-11460

Weakness Enumeration

Related Identifiers

Affected Products

References · 36