gvfs-1.36.2-3.el7
エラータID: AXSA:2019-4036:01
リリース日:
2019/08/19 Monday - 14:58
題名:
gvfs-1.36.2-3.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- gvsf には、不正確なパーミッション確認の問題により、認証エージェントが
動作していない場合において、権限のあるユーザーが、パスワードを問われる
ことなく、任意のファイルを読みとる、あるいは書き換えることが可能な
脆弱性があります。この脆弱性は、wheel グループに属するユーザーの
権限で悪意のあるプログラムを動作させることにより、ユーザーに知ら
れることなくシステムファイルを改竄し、権限を拡大する可能性があります。
攻撃の成功には一般的でないシステム設定を必要とします。(CVE-2019-3827)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.
追加情報:
N/A
ダウンロード:
SRPMS
- gvfs-1.36.2-3.el7.src.rpm
MD5: 48ef78ccac95ba8575ab507a9aba7aa2
SHA-256: 9c37ab1330486ffabdf2ef0ab4ace8dbc1f6d64fe9a9da7fdd9fee11f8d44223
Size: 1.24 MB
Asianux Server 7 for x86_64
- gvfs-1.36.2-3.el7.x86_64.rpm
MD5: 03f2fd1b84de91359571785228fc22b3
SHA-256: 447082053b66262690286d67e7cdcfcf5a4d17f193285c1bf67fe86c29fa9720
Size: 352.55 kB - gvfs-afc-1.36.2-3.el7.x86_64.rpm
MD5: 35086d94d773619611bf7330b564821c
SHA-256: 3433956838c88b3bd23551f95b11988c33a8d6aacd0688f651e2c650bacc6cd7
Size: 73.16 kB - gvfs-afp-1.36.2-3.el7.x86_64.rpm
MD5: d1329ca02251b6c8f9950c02ec418c59
SHA-256: 989bc04858a1bb50d924e09fbcab05e9d96e455211deafe03f1b2f2e0f81a006
Size: 87.03 kB - gvfs-archive-1.36.2-3.el7.x86_64.rpm
MD5: b858a66883a360119a2110874e6fb00c
SHA-256: a48ab022b55ff759704b0f0503d171f4f7e24163a57a8960066bd7251a4508e3
Size: 40.87 kB - gvfs-client-1.36.2-3.el7.x86_64.rpm
MD5: 1521f32ac2d9899e9f19f9c186c89d20
SHA-256: e244bb40d00d326883b2c806f2170e24df2616689cf64e3a9bae794c088b2834
Size: 797.55 kB - gvfs-devel-1.36.2-3.el7.x86_64.rpm
MD5: 09d47cfbfdf55ecf6935eea5ab1c78f5
SHA-256: a02d1fce95df28a82409fbc53feae4bd844bc3fb158d0860de998d65ce58db98
Size: 28.82 kB - gvfs-fuse-1.36.2-3.el7.x86_64.rpm
MD5: f52d90d6a1f395abb883ebe839a696ae
SHA-256: 31042bca5af98e116081c0db2712f76733e7112ad72d75fd3cc9abc108781147
Size: 44.64 kB - gvfs-goa-1.36.2-3.el7.x86_64.rpm
MD5: 6b41cac159935342a8c1c2e18268550f
SHA-256: 02b304c84058d749a125cb7509e8b1599b2d0b1974611950ec7cca82eded7e56
Size: 77.03 kB - gvfs-gphoto2-1.36.2-3.el7.x86_64.rpm
MD5: 8c0e4b210b479e6739639366d734ed0b
SHA-256: 6cc13dc02a48ae80f67fad4a83b801a7b7e28ff07c71c8666b5fc15755c0d0f9
Size: 76.81 kB - gvfs-mtp-1.36.2-3.el7.x86_64.rpm
MD5: 5031fc76ea3b1a83a99acf6a2f81031e
SHA-256: 00a78da426aaa3576a9cc4fd4564bb25a1818372cbce790388dd412964a6b199
Size: 76.69 kB - gvfs-smb-1.36.2-3.el7.x86_64.rpm
MD5: 85811ea5c186e34a2bc3e6d1de1d6427
SHA-256: 9c0eaf33e0c0e79012f7b2b2c8ce99801a5bc1cbb52a2219106f53dec7007f49
Size: 58.71 kB - gvfs-1.36.2-3.el7.i686.rpm
MD5: bda3d410bd7eb7a9069147ff844ca32f
SHA-256: 6a6225056556b41fad923fe91ba35927d3ff07fe67bcbf508e14b89eff1a6ca4
Size: 349.54 kB - gvfs-client-1.36.2-3.el7.i686.rpm
MD5: a8da495195ef629b699b7ea6ae0e2767
SHA-256: b79990c1f2cdedb192270c83f32dfb478c083df3a143922e73170d8e255fd32a
Size: 796.78 kB - gvfs-devel-1.36.2-3.el7.i686.rpm
MD5: c6a72bcbb09e911e4c28fa6d99cebe0a
SHA-256: f2ebc8b9430b94bac308d47f8cadcc9452a4c68e2c123f1b1cca9385822132ba
Size: 28.86 kB