Описание
Security update for gvfs
This update for gvfs fixes the following issues:
Security vulnerability fixed:
- CVE-2019-3827: Fixed an issue whereby an unprivileged user was not prompted to give a password when acessing root owned files. (bsc#1125084)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
gvfs-1.34.2.1-lp150.3.6.1
gvfs-32bit-1.34.2.1-lp150.3.6.1
gvfs-backend-afc-1.34.2.1-lp150.3.6.1
gvfs-backend-samba-1.34.2.1-lp150.3.6.1
gvfs-backends-1.34.2.1-lp150.3.6.1
gvfs-devel-1.34.2.1-lp150.3.6.1
gvfs-fuse-1.34.2.1-lp150.3.6.1
gvfs-lang-1.34.2.1-lp150.3.6.1
Ссылки
- E-Mail link for openSUSE-SU-2019:0261-1
- SUSE Security Ratings
- SUSE Bug 1125084
- SUSE CVE CVE-2019-3827 page
Описание
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.
Затронутые продукты
openSUSE Leap 15.0:gvfs-1.34.2.1-lp150.3.6.1
openSUSE Leap 15.0:gvfs-32bit-1.34.2.1-lp150.3.6.1
openSUSE Leap 15.0:gvfs-backend-afc-1.34.2.1-lp150.3.6.1
openSUSE Leap 15.0:gvfs-backend-samba-1.34.2.1-lp150.3.6.1
Ссылки
- CVE-2019-3827
- SUSE Bug 1125084