Nautilus: Security bypass — GLSA 201908-27

A vulnerability in Nautilus may allow attackers to escape the sandbox.

Affected packages

Package 	gnome-base/nautilus on all architectures
Affected versions 	< 3.30.5-r1
Unaffected versions 	>= 3.30.5-r1

Background

Default file manager for the GNOME desktop

Description

A vulnerability was discovered in Nautilus which allows an attacker to escape the sandbox.

Impact

A local attacker could possibly bypass sandbox protection.

Workaround

There is no known workaround at this time.

Resolution

All Nautilus users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=gnome-base/nautilus-3.30.5-r1"
 

References

    CVE-2019-11461