Oval Definition:oval:org.opensuse.security:def:51227
Revision Date:2020-12-01Version:1
Title:Security update for gvfs (Important)
Description:

This update for gvfs fixes the following issues:

Security issues fixed: - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls (bsc#1137930). - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid (bsc#1136986). - CVE-2019-12449: Fixed an improper handling of file's user and group ownership in daemon/gvfsbackendadmin.c (bsc#1136992). - CVE-2019-12448: Fixed race conditions in daemon/gvfsbackendadmin.c due to implementation of query_info_on_read/write at admin backend (bsc#1136981).

Other issue addressed: - Drop polkit rules files that are only relevant for wheel group (bsc#1125433).
Family:unixClass:patch
Status:Reference(s):1046303
1048942
1051510
1055186
1058115
1065600
1065729
1071995
1078248
1082635
1083647
1085030
1089644
1090888
1091041
1094244
1103098
1104427
1108043
1112039
1113722
1114279
1115026
1117169
1120163
1120853
1125433
1127371
1131107
1132728
1132729
1132732
1132734
1133021
1134718
1136109
1136666
1136981
1136986
1136992
1137930
1138039
1138301
1138302
1138303
1140948
1142095
1143706
1143959
1144333
1146519
1146544
1149032
1149448
1149841
1150466
1151021
1151548
1151900
1152148
1152472
1152489
1152631
1152782
1153274
1153628
1153681
1153811
1154043
1154058
1154124
1154353
1154355
1154488
1154492
1154526
1154824
1154956
1155021
1155331
1155334
1155518
1155689
1155692
1155798
1155836
1155897
1155921
1156187
1156258
1156259
1156353
1156395
1156429
1156462
1156466
1156471
1156494
1156609
1156700
1156729
1156882
1157038
1157042
1157070
1157143
1157145
1157158
1157162
1157169
1157171
1157173
1157178
1157180
1157182
1157183
1157184
1157191
1157193
1157197
1157298
1157303
1157307
1157324
1157333
1157424
1157463
1157499
1157678
1157698
1157778
1157853
1157908
1158049
1158063
1158064
1158065
1158066
1158067
1158068
1158082
1158094
1158132
1158381
1158394
1158398
1158407
1158410
1158413
1158417
1158427
1158445
1158533
1158637
1158638
1158639
1158640
1158641
1158643
1158644
1158645
1158646
1158647
1158649
1158651
1158652
1158823
1158824
1158827
1158834
1158893
1158900
1158903
1158904
1158954
1159024
1159058
1159297
1160634
1167527
1167773
1169790
1170232
1170774
1171000
1171068
1171073
1171558
1171634
1171688
1171742
1172108
1172197
1172247
1172418
1172419
1172466
1172515
1172745
1172757
1172871
1172873
1172963
1173017
1173060
1173115
1173267
1173468
1173485
1173746
1173798
1173813
1173954
1174002
1174003
1174026
1174029
1174110
1174111
1174205
1174247
1174358
1174362
1174387
1174421
1174484
1174486
1174625
1174645
1174689
1174699
1174737
1174757
1174762
1174770
1174771
1174777
1174805
1174824
1174825
1174852
1174865
1174880
1174897
1174899
1174906
1174969
1175009
1175010
1175011
1175012
1175013
1175014
1175015
1175016
1175017
1175018
1175019
1175020
1175021
1175052
1175112
1175116
1175128
1175149
1175175
1175176
1175180
1175181
1175182
1175183
1175184
1175185
1175186
1175187
1175188
1175189
1175190
1175191
1175192
1175195
1175199
1175213
1175232
1175263
1175284
1175296
1175344
1175345
1175346
1175347
1175367
1175377
1175440
1175493
1175546
1175550
1175654
1175667
1175691
1175718
1175749
1175768
1175769
1175770
1175771
1175772
1175774
1175775
1175787
1175834
1175873
1175882
1175952
1175996
1175997
1175998
1175999
1176000
1176001
1176019
1176022
1176038
1176063
1176137
1176235
1176236
1176237
1176242
1176278
1176315
1176357
1176358
1176359
1176360
1176361
1176362
1176363
1176364
1176365
1176366
1176367
1176381
1176423
1176449
1176482
1176486
1176507
1176536
1176537
1176538
1176539
1176540
1176541
1176542
1176544
1176545
1176546
1176548
1176558
1176559
1176587
1176588
1176659
1176698
1176699
1176700
1176721
1176722
1176725
1176732
1176763
1176775
1176788
1176789
1176833
1176869
1176877
1176925
1176962
1176980
1176990
1177021
1177030
1177409
1177412
1177413
1177414
CVE-2006-4484
CVE-2008-4225
CVE-2008-4226
CVE-2008-4409
CVE-2010-0624
CVE-2010-4494
CVE-2011-1944
CVE-2012-5134
CVE-2013-0338
CVE-2013-1969
CVE-2014-0191
CVE-2014-3230
CVE-2018-18386
CVE-2018-5391
CVE-2019-10161
CVE-2019-10166
CVE-2019-10167
CVE-2019-10245
CVE-2019-12447
CVE-2019-12448
CVE-2019-12449
CVE-2019-12795
CVE-2019-14835
CVE-2019-14895
CVE-2019-14901
CVE-2019-15213
CVE-2019-15916
CVE-2019-16231
CVE-2019-17055
CVE-2019-18660
CVE-2019-18683
CVE-2019-18805
CVE-2019-18808
CVE-2019-18809
CVE-2019-19049
CVE-2019-19051
CVE-2019-19052
CVE-2019-19056
CVE-2019-19057
CVE-2019-19058
CVE-2019-19060
CVE-2019-19062
CVE-2019-19063
CVE-2019-19065
CVE-2019-19066
CVE-2019-19067
CVE-2019-19068
CVE-2019-19073
CVE-2019-19074
CVE-2019-19075
CVE-2019-19077
CVE-2019-19227
CVE-2019-19332
CVE-2019-19338
CVE-2019-19523
CVE-2019-19524
CVE-2019-19525
CVE-2019-19526
CVE-2019-19527
CVE-2019-19528
CVE-2019-19529
CVE-2019-19530
CVE-2019-19531
CVE-2019-19532
CVE-2019-19533
CVE-2019-19534
CVE-2019-19535
CVE-2019-19536
CVE-2019-19537
CVE-2019-19543
CVE-2019-19767
CVE-2019-2602
CVE-2019-2684
CVE-2019-2697
CVE-2019-2698
CVE-2020-0404
CVE-2020-0427
CVE-2020-0431
CVE-2020-0432
CVE-2020-0543
CVE-2020-0548
CVE-2020-0549
CVE-2020-14314
CVE-2020-14331
CVE-2020-14356
CVE-2020-14385
CVE-2020-14390
CVE-2020-15705
CVE-2020-16166
CVE-2020-17507
CVE-2020-25212
CVE-2020-25284
CVE-2020-26088
CVE-2020-27670
CVE-2020-27671
CVE-2020-27672
CVE-2020-27673
SUSE-SU-2018:3880-1
SUSE-SU-2019:1308-1
SUSE-SU-2019:1637-1
SUSE-SU-2019:1717-1
SUSE-SU-2019:3381-1
SUSE-SU-2020:2303-1
SUSE-SU-2020:2486-1
SUSE-SU-2020:2741-1
SUSE-SU-2020:2879-1
SUSE-SU-2020:3049-1
Platform(s):SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Legacy Software 15 SP2
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Live Patching 15 SP1
SUSE Linux Enterprise Module for Live Patching 15 SP2
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Server Applications 15 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • acroread-9.5.5-0.5.5 is installed
  • OR acroread-cmaps-9.4.6-0.4.5 is installed
  • OR acroread-fonts-ja-9.4.6-0.4.5 is installed
  • OR acroread-fonts-ko-9.4.6-0.4.5 is installed
  • OR acroread-fonts-zh_CN-9.4.6-0.4.5 is installed
  • OR acroread-fonts-zh_TW-9.4.6-0.4.5 is installed
  • OR acroread_ja-9.4.2-0.4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • augeas-0.9.0-3.17 is installed
  • OR libaugeas0-0.9.0-3.17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • cpio-2.11-26 is installed
  • OR cpio-lang-2.11-26 is installed
  • OR tar-1.27.1-2 is installed
  • OR tar-lang-1.27.1-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND libarchive13-3.1.2-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND libgadu3-1.11.4-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • gpgme-1.5.1-1 is installed
  • OR libgpgme11-1.5.1-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND cifs-utils-6.5-9.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
  • AND Package Information
  • gvfs-1.34.2.1-4.13 is installed
  • OR gvfs-backend-afc-1.34.2.1-4.13 is installed
  • OR gvfs-backend-samba-1.34.2.1-4.13 is installed
  • OR gvfs-backends-1.34.2.1-4.13 is installed
  • OR gvfs-devel-1.34.2.1-4.13 is installed
  • OR gvfs-fuse-1.34.2.1-4.13 is installed
  • OR gvfs-lang-1.34.2.1-4.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.35-3.20 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.35-3.20 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr5.35-3.20 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.35-3.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 SP2 is installed
  • AND Package Information
  • kernel-default-5.3.18-24.24 is installed
  • OR reiserfs-kmp-default-5.3.18-24.24 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 is installed
  • AND Package Information
  • kernel-livepatch-4_12_14-23-default-6-16 is installed
  • OR kernel-livepatch-SLE15_Update_0-6-16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
  • AND Package Information
  • kernel-livepatch-4_12_14-195-default-6-16 is installed
  • OR kernel-livepatch-SLE15-SP1_Update_0-6-16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 SP2 is installed
  • AND Package Information
  • kernel-default-5.3.18-24.12 is installed
  • OR kernel-default-livepatch-5.3.18-24.12 is installed
  • OR kernel-default-livepatch-devel-5.3.18-24.12 is installed
  • OR kernel-livepatch-5_3_18-24_12-default-1-5.3 is installed
  • OR kernel-livepatch-SLE15-SP2_Update_2-1-5.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND Package Information
  • libvirt-4.0.0-9.27 is installed
  • OR libvirt-admin-4.0.0-9.27 is installed
  • OR libvirt-client-4.0.0-9.27 is installed
  • OR libvirt-daemon-4.0.0-9.27 is installed
  • OR libvirt-daemon-config-network-4.0.0-9.27 is installed
  • OR libvirt-daemon-config-nwfilter-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-interface-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-libxl-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-lxc-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-network-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-nodedev-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-nwfilter-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-qemu-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-secret-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-storage-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-storage-core-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-storage-disk-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-storage-iscsi-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-storage-logical-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-storage-mpath-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-storage-rbd-4.0.0-9.27 is installed
  • OR libvirt-daemon-driver-storage-scsi-4.0.0-9.27 is installed
  • OR libvirt-daemon-hooks-4.0.0-9.27 is installed
  • OR libvirt-daemon-lxc-4.0.0-9.27 is installed
  • OR libvirt-daemon-qemu-4.0.0-9.27 is installed
  • OR libvirt-daemon-xen-4.0.0-9.27 is installed
  • OR libvirt-devel-4.0.0-9.27 is installed
  • OR libvirt-doc-4.0.0-9.27 is installed
  • OR libvirt-lock-sanlock-4.0.0-9.27 is installed
  • OR libvirt-nss-4.0.0-9.27 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed
  • AND Package Information
  • xen-4.13.1_10-3.13 is installed
  • OR xen-devel-4.13.1_10-3.13 is installed
  • OR xen-tools-4.13.1_10-3.13 is installed
  • OR xen-tools-xendomains-wait-disk-4.13.1_10-3.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • e2fsprogs-1.42.11-7 is installed
  • OR libcom_err2-1.42.11-7 is installed
  • OR libcom_err2-32bit-1.42.11-7 is installed
  • OR libext2fs2-1.42.11-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_40-default-2-3 is installed
  • OR kgraft-patch-3_12_74-60_64_40-xen-2-3 is installed
  • OR kgraft-patch-SLE12-SP1_Update_15-2-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND ctags-5.8-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.46 is installed
  • OR libopenssl1_0_0-1.0.2j-60.46 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.46 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.46 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.46 is installed
  • OR openssl-1.0.2j-60.46 is installed
  • OR openssl-doc-1.0.2j-60.46 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • curl-7.37.0-37.23 is installed
  • OR libcurl4-7.37.0-37.23 is installed
  • OR libcurl4-32bit-7.37.0-37.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_103-92_56-default-6-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_17-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • expat-2.1.0-20 is installed
  • OR libexpat1-2.1.0-20 is installed
  • OR libexpat1-32bit-2.1.0-20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • glibc-2.22-62.22 is installed
  • OR glibc-32bit-2.22-62.22 is installed
  • OR glibc-devel-2.22-62.22 is installed
  • OR glibc-devel-32bit-2.22-62.22 is installed
  • OR glibc-html-2.22-62.22 is installed
  • OR glibc-i18ndata-2.22-62.22 is installed
  • OR glibc-info-2.22-62.22 is installed
  • OR glibc-locale-2.22-62.22 is installed
  • OR glibc-locale-32bit-2.22-62.22 is installed
  • OR glibc-profile-2.22-62.22 is installed
  • OR glibc-profile-32bit-2.22-62.22 is installed
  • OR nscd-2.22-62.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_162-94_69-default-6-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_21-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_140-94_42-default-10-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_15-10-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-71.79 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-71.79 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-71.79 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND ctags-5.8-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15-LTSS is installed
  • AND ucode-intel-20200602-3.43 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • AND Package Information
  • grub2-2.02-19.56 is installed
  • OR grub2-i386-pc-2.02-19.56 is installed
  • OR grub2-powerpc-ieee1275-2.02-19.56 is installed
  • OR grub2-snapper-plugin-2.02-19.56 is installed
  • OR grub2-systemd-sleep-plugin-2.02-19.56 is installed
  • OR grub2-x86_64-efi-2.02-19.56 is installed
  • OR grub2-x86_64-xen-2.02-19.56 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • libpython2_7-1_0-2.7.13-28.26 is installed
  • OR libpython2_7-1_0-32bit-2.7.13-28.26 is installed
  • OR python-2.7.13-28.26 is installed
  • OR python-32bit-2.7.13-28.26 is installed
  • OR python-base-2.7.13-28.26 is installed
  • OR python-base-32bit-2.7.13-28.26 is installed
  • OR python-curses-2.7.13-28.26 is installed
  • OR python-demo-2.7.13-28.26 is installed
  • OR python-devel-2.7.13-28.26 is installed
  • OR python-doc-2.7.13-28.26 is installed
  • OR python-doc-pdf-2.7.13-28.26 is installed
  • OR python-gdbm-2.7.13-28.26 is installed
  • OR python-idle-2.7.13-28.26 is installed
  • OR python-tk-2.7.13-28.26 is installed
  • OR python-xml-2.7.13-28.26 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND squid-3.5.21-26.17 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • glib2-2.48.2-12.15 is installed
  • OR glib2-lang-2.48.2-12.15 is installed
  • OR glib2-tools-2.48.2-12.15 is installed
  • OR libgio-2_0-0-2.48.2-12.15 is installed
  • OR libgio-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libglib-2_0-0-2.48.2-12.15 is installed
  • OR libglib-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libgmodule-2_0-0-2.48.2-12.15 is installed
  • OR libgmodule-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libgobject-2_0-0-2.48.2-12.15 is installed
  • OR libgobject-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libgthread-2_0-0-2.48.2-12.15 is installed
  • OR libgthread-2_0-0-32bit-2.48.2-12.15 is installed
    • BACK