| Revision Date: | 2019-04-22 | Version: | 1 | | Title: | CVE-2019-11461 on Ubuntu 16.04 LTS (xenial) - medium. | | Description: | An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2019-11461
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT gir1.2-nautilus-3.0 package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libnautilus-extension1a package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT nautilus package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT nautilus-data package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
|
|