{"affected":[{"ecosystem_specific":{"binaries":[{"gvfs":"1.34.2.1-4.13.1","gvfs-backend-afc":"1.34.2.1-4.13.1","gvfs-backend-samba":"1.34.2.1-4.13.1","gvfs-backends":"1.34.2.1-4.13.1","gvfs-devel":"1.34.2.1-4.13.1","gvfs-fuse":"1.34.2.1-4.13.1","gvfs-lang":"1.34.2.1-4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15","name":"gvfs","purl":"pkg:rpm/suse/gvfs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.34.2.1-4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"gvfs":"1.34.2.1-4.13.1","gvfs-backend-afc":"1.34.2.1-4.13.1","gvfs-backend-samba":"1.34.2.1-4.13.1","gvfs-backends":"1.34.2.1-4.13.1","gvfs-devel":"1.34.2.1-4.13.1","gvfs-fuse":"1.34.2.1-4.13.1","gvfs-lang":"1.34.2.1-4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP1","name":"gvfs","purl":"pkg:rpm/suse/gvfs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.34.2.1-4.13.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for gvfs fixes the following issues:\n\nSecurity issues fixed:    \n   \n- CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local \n  D-Bus method calls (bsc#1137930).\n- CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c \n  due to no use of setfsuid (bsc#1136986).    \n- CVE-2019-12449: Fixed an improper handling of file's user and group ownership  \n  in daemon/gvfsbackendadmin.c (bsc#1136992).\n- CVE-2019-12448: Fixed race conditions in daemon/gvfsbackendadmin.c due to implementation \n  of query_info_on_read/write at admin backend (bsc#1136981).\n\nOther issue addressed: \n    \n- Drop polkit rules files that are only relevant for wheel group (bsc#1125433).\n","id":"SUSE-SU-2019:1717-1","modified":"2019-07-01T10:02:10Z","published":"2019-07-01T10:02:10Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20191717-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1125433"},{"type":"REPORT","url":"https://bugzilla.suse.com/1136981"},{"type":"REPORT","url":"https://bugzilla.suse.com/1136986"},{"type":"REPORT","url":"https://bugzilla.suse.com/1136992"},{"type":"REPORT","url":"https://bugzilla.suse.com/1137930"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12447"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12448"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12449"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12795"}],"related":["CVE-2019-12447","CVE-2019-12448","CVE-2019-12449","CVE-2019-12795"],"summary":"Security update for gvfs","upstream":["CVE-2019-12447","CVE-2019-12448","CVE-2019-12449","CVE-2019-12795"]}