ELSA-2019-1517

Опубликовано: 30 июл. 2019

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2019-1517: gvfs security update (MODERATE)

[1.36.2-2.1]

CVE-2019-3827: Prevent access if any authentication agent isn't available (#1690470)

[1.36.2-2]

rebuild

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

gvfs

1.36.2-2.el8_0.1

gvfs-client

1.36.2-2.el8_0.1

gvfs-devel

1.36.2-2.el8_0.1

gvfs-fuse

1.36.2-2.el8_0.1

gvfs-gphoto2

1.36.2-2.el8_0.1

gvfs-mtp

1.36.2-2.el8_0.1

gvfs-smb

1.36.2-2.el8_0.1

Oracle Linux x86_64

gvfs

1.36.2-2.el8_0.1

gvfs-afc

1.36.2-2.el8_0.1

gvfs-afp

1.36.2-2.el8_0.1

gvfs-archive

1.36.2-2.el8_0.1

gvfs-client

1.36.2-2.el8_0.1

gvfs-devel

1.36.2-2.el8_0.1

gvfs-fuse

1.36.2-2.el8_0.1

gvfs-goa

1.36.2-2.el8_0.1

gvfs-gphoto2

1.36.2-2.el8_0.1

gvfs-mtp

1.36.2-2.el8_0.1

gvfs-smb

1.36.2-2.el8_0.1

Связанные CVE

CVE-2019-3827

Ссылки на источники

Связанные уязвимости

CVE-2019-3827

CVSS3: 7

ubuntu

почти 7 лет назад

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.