Parent Directory | Revision Log
MGASA-2019-0080: gvfs-1.32.1-1.1.mga6
1 | type: security |
2 | subject: Updated gvfs packages fix security vulnerability |
3 | CVE: |
4 | - CVE-2019-3827 |
5 | src: |
6 | 6: |
7 | core: |
8 | - gvfs-1.32.1-1.1.mga6 |
9 | description: | |
10 | The backend currently allows to access and modify files without prompting |
11 | for password if any polkit authentication agent isn't available. This |
12 | affects only users which belong to wheel group (i.e. those who are already |
13 | allowed to use sudo). It doesn't allow privilege escalation for users, who |
14 | don't belong to that group (CVE-2019-3827). |
15 | references: |
16 | - https://bugs.mageia.org/show_bug.cgi?id=24215 |
17 | - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y43CRGATQPYWH2UXO6ZS7PYPCSZGTGED/ |
18 | - https://usn.ubuntu.com/3888-1/ |
19 | ID: MGASA-2019-0080 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |