openSUSE-SU-2019:0050-1

Опубликовано: 04 апр. 2019

Источник: suse-cvrf

Описание

Security update for aria2

This update for aria2 fixes the following security issue:

CVE-2019-3500: Metadata and potential password leaks via --log= (boo#1120488)

Список пакетов

SUSE Package Hub 15

aria2-1.33.1-bp150.3.7.1

aria2-devel-1.33.1-bp150.3.7.1

aria2-lang-1.33.1-bp150.3.7.1

libaria2-0-1.33.1-bp150.3.7.1

openSUSE Leap 15.0

aria2-1.33.1-bp150.3.7.1

aria2-devel-1.33.1-bp150.3.7.1

aria2-lang-1.33.1-bp150.3.7.1

libaria2-0-1.33.1-bp150.3.7.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/V3DTAGWFCA4AIBZW6G3SJDKHWFKCAUFG/#V3DTAGWFCA4AIBZW6G3SJDKHWFKCAUFG
E-Mail link for openSUSE-SU-2019:0050-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1120488
SUSE Bug 1120488
https://www.suse.com/security/cve/CVE-2019-3500/
SUSE CVE CVE-2019-3500 page

Описание

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

Затронутые продукты

SUSE Package Hub 15:aria2-1.33.1-bp150.3.7.1

SUSE Package Hub 15:aria2-devel-1.33.1-bp150.3.7.1

SUSE Package Hub 15:aria2-lang-1.33.1-bp150.3.7.1

SUSE Package Hub 15:libaria2-0-1.33.1-bp150.3.7.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-3500.html
CVE-2019-3500
https://bugzilla.suse.com/1120488
SUSE Bug 1120488

openSUSE-SU-2019:0050-1

Описание

Список пакетов

SUSE Package Hub 15

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2019-3500

Описание

Затронутые продукты

Ссылки