Oval Definition:oval:org.opensuse.security:def:65384
Revision Date:2020-12-01Version:1
Title:Security update for gvfs (Important)
Description:

This update for gvfs fixes the following issues:

Security issues fixed: - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls (bsc#1137930). - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid (bsc#1136986). - CVE-2019-12449: Fixed an improper handling of file's user and group ownership in daemon/gvfsbackendadmin.c (bsc#1136992). - CVE-2019-12448: Fixed race conditions in daemon/gvfsbackendadmin.c due to implementation of query_info_on_read/write at admin backend (bsc#1136981).

Other issue addressed: - Drop polkit rules files that are only relevant for wheel group (bsc#1125433).
Family:unixClass:patch
Status:Reference(s):1125433
1136981
1136986
1136992
1137930
1145092
CVE-2019-10208
CVE-2019-12447
CVE-2019-12448
CVE-2019-12449
CVE-2019-12795
SUSE-SU-2019:1717-1
SUSE-SU-2019:2707-1
Platform(s):SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • gvfs-1.34.2.1-4.13 is installed
  • OR gvfs-32bit-1.34.2.1-4.13 is installed
    • BACK