advisories/24215.adv

type: security
subject: Updated gvfs packages fix security vulnerability
CVE:
 - CVE-2019-3827
src:
  6:
   core:
     - gvfs-1.32.1-1.1.mga6
description: |
  The backend currently allows to access and modify files without prompting
  for password if any polkit authentication agent isn't available. This
  affects only users which belong to wheel group (i.e. those who are already
  allowed to use sudo). It doesn't allow privilege escalation for users, who
  don't belong to that group (CVE-2019-3827).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24215
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y43CRGATQPYWH2UXO6ZS7PYPCSZGTGED/
 - https://usn.ubuntu.com/3888-1/
ID: MGASA-2019-0080
1	type: security
2	subject: Updated gvfs packages fix security vulnerability
3	CVE:
4	- CVE-2019-3827
5	src:
6	6:
7	core:
8	- gvfs-1.32.1-1.1.mga6
9	description: \|
10	The backend currently allows to access and modify files without prompting
11	for password if any polkit authentication agent isn't available. This
12	affects only users which belong to wheel group (i.e. those who are already
13	allowed to use sudo). It doesn't allow privilege escalation for users, who
14	don't belong to that group (CVE-2019-3827).
15	references:
16	- https://bugs.mageia.org/show_bug.cgi?id=24215
17	- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y43CRGATQPYWH2UXO6ZS7PYPCSZGTGED/
18	- https://usn.ubuntu.com/3888-1/
19	ID: MGASA-2019-0080