Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

SUSE: 2019:1717-1 Critical Update: Gvfs Vulnerability Local Attack Patch

suse
Calendar Grey July 1, 2019
Dist Suse Esm H88
SUSE Security Update: Security update for gvfs _____________________________________________________
An update that solves four vulnerabilities and has one errata is now available

Summary

This update for gvfs fixes the following issues: Security issues fixed: - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls (bsc#1137930). - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid (bsc#1136986). - CVE-2019-12449: Fixed an improper handling of file's user and group ownership in daemon/gvfsbackendadmin.c (bsc#1136992). - CVE-2019-12448: Fixed race conditions in daemon/gvfsbackendadmin.c due to implementation of query_info_on_read/write at admin backend (bsc#1136981). Other issue addressed: - Drop polkit rules files that are only relevant for wheel group (bsc#1125433). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods

References

#1125433 #1136981 #1136986 #1136992 #1137930

Cross- CVE-2019-12447 CVE-2019-12448 CVE-2019-12449

CVE-2019-12795

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Desktop Applications 15-SP1

SUSE Linux Enterprise Module for Desktop Applications 15

https://www.suse.com/security/cve/CVE-2019-12447.html

https://www.suse.com/security/cve/CVE-2019-12448.html

https://www.suse.com/security/cve/CVE-2019-12449.html

https://www.suse.com/security/cve/CVE-2019-12795.html

https://bugzilla.suse.com/1125433

https://bugzilla.suse.com/1136981

https://bugzilla.suse.com/1136986

https://bugzilla.suse.com/1136992

https://bugzilla.suse.com/1137930

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:1717-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.