-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-e6b02af8b8 2019-08-06 01:54:44.692014 --------------------------------------------------------------------------------
Name : gvfs Product : Fedora 29 Version : 1.38.3 Release : 1.fc29 URL : https://wiki.gnome.org/Projects/gvfs Summary : Backends for the gio framework in GLib Description : The gvfs package provides backend implementations for the gio framework in GLib. It includes ftp, sftp, cifs.
-------------------------------------------------------------------------------- Update Information:
Update to 1.38.3 -------------------------------------------------------------------------------- ChangeLog:
* Wed Jul 17 2019 Ondrej Holy oholy@redhat.com - 1.38.3-1 - Update to 1.38.3 * Thu Jan 17 2019 Ondrej Holy oholy@redhat.com - 1.38.1-2 - admin: Prevent access if any authentication agent isn't available -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1728567 - CVE-2019-12449 gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges https://bugzilla.redhat.com/show_bug.cgi?id=1728567 [ 2 ] Bug #1728564 - CVE-2019-12448 gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend doesn't implement query_info_on_read/write https://bugzilla.redhat.com/show_bug.cgi?id=1728564 [ 3 ] Bug #1728562 - CVE-2019-12447 gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c https://bugzilla.redhat.com/show_bug.cgi?id=1728562 [ 4 ] Bug #1726505 - CVE-2019-12795 gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd https://bugzilla.redhat.com/show_bug.cgi?id=1726505 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-e6b02af8b8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------