OPENSUSE-SU-2019:1697-1
Vulnerability Summary
Timeline
Description
Security update for gvfs This update for gvfs fixes the following issues: Security issues fixed: - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls (bsc#1137930). - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid (bsc#1136986). - CVE-2019-12449: Fixed an improper handling of file's user and group ownership in daemon/gvfsbackendadmin.c (bsc#1136992). - CVE-2019-12448: Fixed race conditions in daemon/gvfsbackendadmin.c due to implementation of query_info_on_read/write at admin backend (bsc#1136981). Other issue addressed: - Drop polkit rules files that are only relevant for wheel group (bsc#1125433). This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•gvfs&distro=openSUSE Leap 15.1
< 1.34.2.1-lp151.6.3.1
References (10)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L4KV772XYLUHPJGQBGWHWCYVYIXBAG2Y/#L4KV772XYLUHPJGQBGWHWCYVYIXBAG2Y
- https://bugzilla.suse.com/1125433
- https://bugzilla.suse.com/1136981
- https://bugzilla.suse.com/1136986
- https://bugzilla.suse.com/1136992
- https://bugzilla.suse.com/1137930
- https://www.suse.com/security/cve/CVE-2019-12447
- https://www.suse.com/security/cve/CVE-2019-12448
- https://www.suse.com/security/cve/CVE-2019-12449
- https://www.suse.com/security/cve/CVE-2019-12795