Описание
Security update for libosinfo
This update for libosinfo fixes the following issues:
Security issue fixed:
- CVE-2019-13313: Fixed a information leak where a local user could gather credentials from the osinfo-install-script (bsc#1140749).
Non-security issues fixed:
- Fixed OS detection for multiple versions of SLE12, SLE15 and openSUSE Leap (bsc#1105607, bsc#1122858, bsc#1105607, bsc#1054986, bsc#1054986)
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
libosinfo-0.2.12-13.3.1
libosinfo-1_0-0-0.2.12-13.3.1
libosinfo-lang-0.2.12-13.3.1
typelib-1_0-Libosinfo-1_0-0.2.12-13.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libosinfo-0.2.12-13.3.1
libosinfo-1_0-0-0.2.12-13.3.1
libosinfo-lang-0.2.12-13.3.1
typelib-1_0-Libosinfo-1_0-0.2.12-13.3.1
Ссылки
- Link for SUSE-SU-2019:2273-1
- E-Mail link for SUSE-SU-2019:2273-1
- SUSE Security Ratings
- SUSE Bug 1054986
- SUSE Bug 1105607
- SUSE Bug 1122858
- SUSE Bug 1140749
- SUSE CVE CVE-2019-13313 page
Описание
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:libosinfo-0.2.12-13.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libosinfo-1_0-0-0.2.12-13.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libosinfo-lang-0.2.12-13.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:typelib-1_0-Libosinfo-1_0-0.2.12-13.3.1
Ссылки
- CVE-2019-13313
- SUSE Bug 1140749