{"id":"MGASA-2019-0080","summary":"Updated gvfs packages fix security vulnerability","details":"The backend currently allows to access and modify files without prompting\nfor password if any polkit authentication agent isn't available. This\naffects only users which belong to wheel group (i.e. those who are already\nallowed to use sudo). It doesn't allow privilege escalation for users, who\ndon't belong to that group (CVE-2019-3827).\n","modified":"2026-04-16T00:10:04.454741643Z","published":"2019-02-14T08:38:16Z","upstream":["CVE-2019-3827"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0080.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24215"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y43CRGATQPYWH2UXO6ZS7PYPCSZGTGED/"},{"type":"WEB","url":"https://usn.ubuntu.com/3888-1/"}],"affected":[{"package":{"name":"gvfs","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/gvfs?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.32.1-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0080.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}