Oval Definition:oval:org.opensuse.security:def:104166
Revision Date:2019-07-01Version:1
Title:Security update for gvfs (Important)
Description:

This update for gvfs fixes the following issues:

Security issues fixed: - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls (bsc#1137930). - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid (bsc#1136986). - CVE-2019-12449: Fixed an improper handling of file's user and group ownership in daemon/gvfsbackendadmin.c (bsc#1136992). - CVE-2019-12448: Fixed race conditions in daemon/gvfsbackendadmin.c due to implementation of query_info_on_read/write at admin backend (bsc#1136981).

Other issue addressed: - Drop polkit rules files that are only relevant for wheel group (bsc#1125433).
Family:unixClass:patch
Status:Reference(s):1125433
1136981
1136986
1136992
1137930
CVE-2019-12447
CVE-2019-12448
CVE-2019-12449
CVE-2019-12795
SUSE-SU-2019:1717-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
  • AND Package Information
  • gvfs-1.34.2.1-4.13.1 is installed
  • OR gvfs-backend-afc-1.34.2.1-4.13.1 is installed
  • OR gvfs-backend-samba-1.34.2.1-4.13.1 is installed
  • OR gvfs-backends-1.34.2.1-4.13.1 is installed
  • OR gvfs-devel-1.34.2.1-4.13.1 is installed
  • OR gvfs-fuse-1.34.2.1-4.13.1 is installed
  • OR gvfs-lang-1.34.2.1-4.13.1 is installed
    • BACK