This bug was fixed in the package gvfs - 1.36.1-0ubuntu1.2
---
gvfs (1.36.1-0ubuntu1.2) bionic; urgency=medium
* debian/patches/git_smb_writing.patch:
- Use O_RDWR to fix fstat when writing (lp: #1803158)
* debian/patches/git_invalid_autorun.patch:
- common: Prevent crashe
This bug was fixed in the package gvfs - 1.38.1-0ubuntu1.1
---
gvfs (1.38.1-0ubuntu1.1) cosmic; urgency=medium
* debian/patches/series:
- include git_invalid_autorun.patch which was mentioned in
the previous upload but not added to the serie
gvfs (1.38.1-0ubuntu1) cosmic;
Tested the new version in cosmic-proposed on an up-to-date cosmic VM by
inserting a USB drive with the attached autorun.inf and it passes.
Steps to test locally as follows:
1. Enabled cosmic-proposed
2. sudo apt-get dist-upgrade
3. sudo reboot
On next boot with the autorun.inf on a local USB dri
Hello Alex, or anyone else affected,
Accepted gvfs into cosmic-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/gvfs/1.38.1-0ubuntu1.1
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.u
@amurray, thx, indeed the patch is missing from the series on cosmic, I
did another upload to fix that one
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1798725
Title:
gvfs may crash when parsing non
Tested the version from bionic-proposed in an up-to-date VM and it
passed
Steps to test locally as follows:
1. Enabled bionic-proposed
2. sudo apt-get dist-upgrade
3. sudo reboot
On next boot with the autorun.inf on a local USB drive:
$ dmesg | grep gvfs
$ apt-cache policy gvfs
gvfs:
Installe
Tested the version from cosmic-proposed in an up-to-date VM and it
failed - looks like this is not actually applied during the build - see
the build log https://launchpadlibrarian.net/398362236/buildlog_ubuntu-
cosmic-amd64.gvfs_1.38.1-0ubuntu1_BUILDING.txt.gz and notice it is never
listed during u
Hello Alex, or anyone else affected,
Accepted gvfs into bionic-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/gvfs/1.36.1-0ubuntu1.2
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.u
Hello Alex, or anyone else affected,
Accepted gvfs into cosmic-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/gvfs/1.38.1-0ubuntu1
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubu
This bug was fixed in the package gvfs - 1.38.1-1ubuntu2
---
gvfs (1.38.1-1ubuntu2) disco; urgency=medium
* d/p/common-Prevent-crashes-on-invalid-autorun-file.patch:
- common: Prevent crashes on invalid autorun file (lp: #1798725)
-- Sebastien Bacher Tue, 13 Nov 2018 22:18:5
@Seb - also I rebuilt gvfs locally for bionic with that upstream patch
added and can confirm it does not segfault after that - would be happy
to test your SRUd version and confirm it as well if needed.
@Seb - so there is an autorun.inf in the original tarball which can be
used (I will attach it separately here as well) - and this reproduces
the crash for me - I just copied it to a FAT formatted USB drive,
plugged it in and then in dmesg:
[ 40.361136] gvfs-udisks2-vo[1563]: segfault at 7f3c60a4
@Alex, I've uploaded to disco and since I was doing a SRU for
cosmic/bionic I included it there, would be nice if you could help with
a better testcase though?
** Description changed:
+ * Impact
+
+ gvfs can be made to segfault by being provided an invalid autorun.inf
+
+ * Test Case
+
+ Use the proof of concept from bellow to generate an invalid autorun.inf
+ and place it on an usb drive, connect the drive to the computer, gvfs
+ shouldn't hit a segf
** Changed in: gvfs (Ubuntu)
Importance: Undecided => High
** Changed in: gvfs (Ubuntu)
Status: Confirmed => Fix Committed
From what I understand,
1) autorun.inf files can be written to automatically execute a program.
However, they still need to get user approval through a "Do you trust this
program?" kind of message.
2) According to upstream comment, "By setting PCRE_NO_UTF8_CHECK you are
guaranteeing that the s
What does an autorun.inf file do?
If an autorun.inf file can tell gvfs to execute something directly, then
it's probably not too critical that a malicious one can cause memory
errors in gvfs. It could probably just have an evil payload as a
command.
Thanks