gvfs-1.36.2-3.el7

エラータID: AXSA:2019-4036:01

Release date: 
Monday, August 19, 2019 - 14:58
Subject: 
gvfs-1.36.2-3.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer.

Security Fix(es):

* gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.

Solution: 

Update packages.

CVEs: 
CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.
Additional Info: 

N/A

Download: 

SRPMS
  1. gvfs-1.36.2-3.el7.src.rpm
    MD5: 48ef78ccac95ba8575ab507a9aba7aa2
    SHA-256: 9c37ab1330486ffabdf2ef0ab4ace8dbc1f6d64fe9a9da7fdd9fee11f8d44223
    Size: 1.24 MB

Asianux Server 7 for x86_64
  1. gvfs-1.36.2-3.el7.x86_64.rpm
    MD5: 03f2fd1b84de91359571785228fc22b3
    SHA-256: 447082053b66262690286d67e7cdcfcf5a4d17f193285c1bf67fe86c29fa9720
    Size: 352.55 kB
  2. gvfs-afc-1.36.2-3.el7.x86_64.rpm
    MD5: 35086d94d773619611bf7330b564821c
    SHA-256: 3433956838c88b3bd23551f95b11988c33a8d6aacd0688f651e2c650bacc6cd7
    Size: 73.16 kB
  3. gvfs-afp-1.36.2-3.el7.x86_64.rpm
    MD5: d1329ca02251b6c8f9950c02ec418c59
    SHA-256: 989bc04858a1bb50d924e09fbcab05e9d96e455211deafe03f1b2f2e0f81a006
    Size: 87.03 kB
  4. gvfs-archive-1.36.2-3.el7.x86_64.rpm
    MD5: b858a66883a360119a2110874e6fb00c
    SHA-256: a48ab022b55ff759704b0f0503d171f4f7e24163a57a8960066bd7251a4508e3
    Size: 40.87 kB
  5. gvfs-client-1.36.2-3.el7.x86_64.rpm
    MD5: 1521f32ac2d9899e9f19f9c186c89d20
    SHA-256: e244bb40d00d326883b2c806f2170e24df2616689cf64e3a9bae794c088b2834
    Size: 797.55 kB
  6. gvfs-devel-1.36.2-3.el7.x86_64.rpm
    MD5: 09d47cfbfdf55ecf6935eea5ab1c78f5
    SHA-256: a02d1fce95df28a82409fbc53feae4bd844bc3fb158d0860de998d65ce58db98
    Size: 28.82 kB
  7. gvfs-fuse-1.36.2-3.el7.x86_64.rpm
    MD5: f52d90d6a1f395abb883ebe839a696ae
    SHA-256: 31042bca5af98e116081c0db2712f76733e7112ad72d75fd3cc9abc108781147
    Size: 44.64 kB
  8. gvfs-goa-1.36.2-3.el7.x86_64.rpm
    MD5: 6b41cac159935342a8c1c2e18268550f
    SHA-256: 02b304c84058d749a125cb7509e8b1599b2d0b1974611950ec7cca82eded7e56
    Size: 77.03 kB
  9. gvfs-gphoto2-1.36.2-3.el7.x86_64.rpm
    MD5: 8c0e4b210b479e6739639366d734ed0b
    SHA-256: 6cc13dc02a48ae80f67fad4a83b801a7b7e28ff07c71c8666b5fc15755c0d0f9
    Size: 76.81 kB
  10. gvfs-mtp-1.36.2-3.el7.x86_64.rpm
    MD5: 5031fc76ea3b1a83a99acf6a2f81031e
    SHA-256: 00a78da426aaa3576a9cc4fd4564bb25a1818372cbce790388dd412964a6b199
    Size: 76.69 kB
  11. gvfs-smb-1.36.2-3.el7.x86_64.rpm
    MD5: 85811ea5c186e34a2bc3e6d1de1d6427
    SHA-256: 9c0eaf33e0c0e79012f7b2b2c8ce99801a5bc1cbb52a2219106f53dec7007f49
    Size: 58.71 kB
  12. gvfs-1.36.2-3.el7.i686.rpm
    MD5: bda3d410bd7eb7a9069147ff844ca32f
    SHA-256: 6a6225056556b41fad923fe91ba35927d3ff07fe67bcbf508e14b89eff1a6ca4
    Size: 349.54 kB
  13. gvfs-client-1.36.2-3.el7.i686.rpm
    MD5: a8da495195ef629b699b7ea6ae0e2767
    SHA-256: b79990c1f2cdedb192270c83f32dfb478c083df3a143922e73170d8e255fd32a
    Size: 796.78 kB
  14. gvfs-devel-1.36.2-3.el7.i686.rpm
    MD5: c6a72bcbb09e911e4c28fa6d99cebe0a
    SHA-256: f2ebc8b9430b94bac308d47f8cadcc9452a4c68e2c123f1b1cca9385822132ba
    Size: 28.86 kB