ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0214
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0214)
Resumen:	The remote host is missing an update for the 'gvfs' package(s) announced via the MGASA-2019-0214 advisory.
Descripción:	Summary: The remote host is missing an update for the 'gvfs' package(s) announced via the MGASA-2019-0214 advisory. Vulnerability Insight: Updated gvfs package fixes security vulnerabilities: * daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used (CVE-2019-12447). * daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write (CVE-2019-12448). * daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable (CVE-2019-12449). * daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule (CVE-2019-12795) Affected Software/OS: 'gvfs' package(s) on Mageia 6, Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12447 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/ https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80 http://www.openwall.com/lists/oss-security/2019/07/09/3 SuSE Security Announcement: openSUSE-SU-2019:1697 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html SuSE Security Announcement: openSUSE-SU-2019:1699 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html https://usn.ubuntu.com/4053-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-12448 https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5 Common Vulnerability Exposure (CVE) ID: CVE-2019-12449 https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8 Common Vulnerability Exposure (CVE) ID: CVE-2019-12795 BugTraq ID: 108741 http://www.securityfocus.com/bid/108741 https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html RedHat Security Advisories: RHSA-2019:3553 https://access.redhat.com/errata/RHSA-2019:3553
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.