
[SECURITY] [DLA 1827-1] gvfs security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : gvfs
Version        : 1.22.2-1+deb8u1
CVE ID         : CVE-2019-12795
Debian Bug     : 930376

Simon McVittie discovered a flaw in gvfs, the Gnome Virtual File
System. The gvfsd daemon opened a private D-Bus server socket without
configuring an authorization rule. A local attacker could connect to
this server socket and issue D-Bus method calls.

(Note that the server socket only accepts a single connection, so the
attacker would have to discover the server and connect to the socket
before its owner does.)

For Debian 8 "Jessie", this problem has been fixed in version
1.22.2-1+deb8u1.

We recommend that you upgrade your gvfs packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

