Updated gvfs packages fix security vulnerability
Publication date: 14 Feb 2019Modification date: 14 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-3827
Description
The backend currently allows to access and modify files without prompting for password if any polkit authentication agent isn't available. This affects only users which belong to wheel group (i.e. those who are already allowed to use sudo). It doesn't allow privilege escalation for users, who don't belong to that group (CVE-2019-3827).
References
SRPMS
6/core
- gvfs-1.32.1-1.1.mga6