SB2019090211 - Gentoo update for Nautilus
Published: September 2, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Input validation error (CVE-ID: CVE-2019-11461)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper filtering of the TIOCSTI ioctl on 64-bit systems. A local authenticated attacker can compromise the thumbnailer and escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal.
Remediation
Install update from vendor's website.