Advisories ยป MGASA-2019-0080

Updated gvfs packages fix security vulnerability

Publication date: 14 Feb 2019
Modification date: 14 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-3827

Description

The backend currently allows to access and modify files without prompting
for password if any polkit authentication agent isn't available. This
affects only users which belong to wheel group (i.e. those who are already
allowed to use sudo). It doesn't allow privilege escalation for users, who
don't belong to that group (CVE-2019-3827).
                

References

SRPMS

6/core