Описание
Security update for aria2
This update for aria2 fixes the following issues:
Update to version 1.35.0:
- Drop SSLv3.0 and TLSv1.0 and add TLSv1.3
- TLSv1.3 support is added for GNUTLS and OpenSSL.
- Platform: Fix compilation without deprecated OpenSSL APIs
- Remove linux getrandom and use C++ stdlib instead
- Don't send Accept Metalink header if Metalink is disabled
- Move bash completion to better location
Update to version 1.34.0:
- UnknownLengthPieceStorage: return piece length show something in console status when downloading items with unknown content length
- Fix bug that signal handler does not work with libaria2 when aria2::RUN_ONCE is passed to aria2::run().
- Retry on HTTP 502
Список пакетов
SUSE Package Hub 15 SP1
aria2-1.35.0-bp153.2.3.1
aria2-devel-1.35.0-bp153.2.3.1
aria2-lang-1.35.0-bp153.2.3.1
libaria2-0-1.35.0-bp153.2.3.1
SUSE Package Hub 15 SP2
aria2-1.35.0-bp153.2.3.1
aria2-devel-1.35.0-bp153.2.3.1
aria2-lang-1.35.0-bp153.2.3.1
libaria2-0-1.35.0-bp153.2.3.1
SUSE Package Hub 15 SP3
aria2-1.35.0-bp153.2.3.1
aria2-devel-1.35.0-bp153.2.3.1
aria2-lang-1.35.0-bp153.2.3.1
libaria2-0-1.35.0-bp153.2.3.1
openSUSE Leap 15.2
aria2-1.35.0-bp153.2.3.1
aria2-devel-1.35.0-bp153.2.3.1
aria2-lang-1.35.0-bp153.2.3.1
libaria2-0-1.35.0-bp153.2.3.1
openSUSE Leap 15.3
aria2-1.35.0-bp153.2.3.1
aria2-devel-1.35.0-bp153.2.3.1
aria2-lang-1.35.0-bp153.2.3.1
libaria2-0-1.35.0-bp153.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2021:1125-1
- SUSE Security Ratings
- SUSE Bug 1189107
- SUSE CVE CVE-2019-3500 page
Описание
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
Затронутые продукты
SUSE Package Hub 15 SP1:aria2-1.35.0-bp153.2.3.1
SUSE Package Hub 15 SP1:aria2-devel-1.35.0-bp153.2.3.1
SUSE Package Hub 15 SP1:aria2-lang-1.35.0-bp153.2.3.1
SUSE Package Hub 15 SP1:libaria2-0-1.35.0-bp153.2.3.1
Ссылки
- CVE-2019-3500
- SUSE Bug 1120488