A vulnerability in gvfs causing crash was found. When given URI, path_equal tries to unescape path before comparing. This function is used also for already unescaped paths, therefore unescaping can fail, which might lead to DoS. Upstream patches: master: https://git.gnome.org/browse/gvfs/commit/?id=f81ff2108ab3b6e370f20dcadd8708d23f499184 gnome-3-14: https://git.gnome.org/browse/gvfs/commit/?id=abc69427fc9985f6bc1ebe9a14d645f4805deca4 gnome-3-12: https://git.gnome.org/browse/gvfs/commit/?id=0abdd97989d5274d84017490aff3bf07a71fd672 CVE request: http://seclists.org/oss-sec/2015/q4/39
Created gvfs tracking bugs for this issue: Affects: fedora-all [bug 1269859]
It seems to me that the bug is already fixed for all maintained Fedora versions, so please recheck. The bug has been fixed in 1.23.90 upstream version by the mentioned patch. Fedora 22 and newer using newer versions of gvfs, so the fix is included... It has been already fixed for Fedora 21 by the following update: gvfs-1.22.4-1.fc21
You're right! Closing Fedora tracking bug as NOTABUG.
In the upstream gnome bug, Ondrej mentioned that this was probably introduced via https://bugzilla.gnome.org/attachment.cgi?id=295112&action=diff This change never made it into RHEL6 or RHEL7, thus they should not be affected.