ELSA-2019-2145

Опубликовано: 13 авг. 2019

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2019-2145: gvfs security and bug fix update (MODERATE)

[1.36.2-3]

Force NT1 protocol version for workgroup support (#1619719)

[1.36.2-2]

Prevent spawning new daemons if outgoing operation exists (#1632960)
CVE-2019-3827: Prevent access if any authentication agent isnt available (#1673887)

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

gvfs

1.36.2-3.el7

gvfs-afc

1.36.2-3.el7

gvfs-afp

1.36.2-3.el7

gvfs-archive

1.36.2-3.el7

gvfs-client

1.36.2-3.el7

gvfs-devel

1.36.2-3.el7

gvfs-fuse

1.36.2-3.el7

gvfs-goa

1.36.2-3.el7

gvfs-gphoto2

1.36.2-3.el7

gvfs-mtp

1.36.2-3.el7

gvfs-smb

1.36.2-3.el7

gvfs-tests

1.36.2-3.el7

Oracle Linux x86_64

gvfs

1.36.2-3.el7

gvfs-afc

1.36.2-3.el7

gvfs-afp

1.36.2-3.el7

gvfs-archive

1.36.2-3.el7

gvfs-client

1.36.2-3.el7

gvfs-devel

1.36.2-3.el7

gvfs-fuse

1.36.2-3.el7

gvfs-goa

1.36.2-3.el7

gvfs-gphoto2

1.36.2-3.el7

gvfs-mtp

1.36.2-3.el7

gvfs-smb

1.36.2-3.el7

gvfs-tests

1.36.2-3.el7

Связанные CVE

CVE-2019-3827

Ссылки на источники

Связанные уязвимости

CVE-2019-3827

CVSS3: 7

ubuntu

почти 7 лет назад

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.