| Revision Date: | 2019-04-22 | Version: | 1 | | Title: | CVE-2019-11461 on Ubuntu 18.10 (cosmic) - medium. | | Description: | An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2019-11461
| | Platform(s): | Ubuntu 18.10
| Product(s): | | | Definition Synopsis | | Ubuntu 18.10 (cosmic) is installed. AND Package Information
NOT gir1.2-nautilus-3.0 package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libnautilus-extension1a package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT nautilus package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT nautilus-data package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present').
|
|