CentOS ProjectCESA-2019:2145gvfs security update
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
30.8%
CentOS Errata and Security Advisory CESA-2019:2145
GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer.
Security Fix(es):
- gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032167.html
Affected packages:
gvfs
gvfs-afc
gvfs-afp
gvfs-archive
gvfs-client
gvfs-devel
gvfs-fuse
gvfs-goa
gvfs-gphoto2
gvfs-mtp
gvfs-smb
gvfs-tests
Upstream details at:
https://access.redhat.com/errata/RHSA-2019:2145
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 7 | i686 | gvfs | < 1.36.2-3.el7 | gvfs-1.36.2-3.el7.i686.rpm |
| CentOS | 7 | x86_64 | gvfs | < 1.36.2-3.el7 | gvfs-1.36.2-3.el7.x86_64.rpm |
| CentOS | 7 | x86_64 | gvfs-afc | < 1.36.2-3.el7 | gvfs-afc-1.36.2-3.el7.x86_64.rpm |
| CentOS | 7 | x86_64 | gvfs-afp | < 1.36.2-3.el7 | gvfs-afp-1.36.2-3.el7.x86_64.rpm |
| CentOS | 7 | x86_64 | gvfs-archive | < 1.36.2-3.el7 | gvfs-archive-1.36.2-3.el7.x86_64.rpm |
| CentOS | 7 | i686 | gvfs-client | < 1.36.2-3.el7 | gvfs-client-1.36.2-3.el7.i686.rpm |
| CentOS | 7 | x86_64 | gvfs-client | < 1.36.2-3.el7 | gvfs-client-1.36.2-3.el7.x86_64.rpm |
| CentOS | 7 | i686 | gvfs-devel | < 1.36.2-3.el7 | gvfs-devel-1.36.2-3.el7.i686.rpm |
| CentOS | 7 | x86_64 | gvfs-devel | < 1.36.2-3.el7 | gvfs-devel-1.36.2-3.el7.x86_64.rpm |
| CentOS | 7 | x86_64 | gvfs-fuse | < 1.36.2-3.el7 | gvfs-fuse-1.36.2-3.el7.x86_64.rpm |
Related
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
30.8%