Описание
Security update for gvfs
This update for gvfs fixes the following issues:
Security vulnerability fixed:
- CVE-2019-3827: Fixed an issue whereby an unprivileged user was not prompted to give a password when acessing root owned files. (bsc#1125084)
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15
gvfs-1.34.2.1-4.6.1
gvfs-backend-afc-1.34.2.1-4.6.1
gvfs-backend-samba-1.34.2.1-4.6.1
gvfs-backends-1.34.2.1-4.6.1
gvfs-devel-1.34.2.1-4.6.1
gvfs-fuse-1.34.2.1-4.6.1
gvfs-lang-1.34.2.1-4.6.1
Ссылки
- Link for SUSE-SU-2019:0438-1
- E-Mail link for SUSE-SU-2019:0438-1
- SUSE Security Ratings
- SUSE Bug 1125084
- SUSE CVE CVE-2019-3827 page
Описание
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15:gvfs-1.34.2.1-4.6.1
SUSE Linux Enterprise Module for Desktop Applications 15:gvfs-backend-afc-1.34.2.1-4.6.1
SUSE Linux Enterprise Module for Desktop Applications 15:gvfs-backend-samba-1.34.2.1-4.6.1
SUSE Linux Enterprise Module for Desktop Applications 15:gvfs-backends-1.34.2.1-4.6.1
Ссылки
- CVE-2019-3827
- SUSE Bug 1125084