libosinfo-1.1.0-5.el7

Errata ID: AXSA:2020-4560:01

Release date: Thursday, April 2, 2020 - 07:49
Subject: libosinfo-1.1.0-5.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Low
Description: 

The libosinfo packages provide a library that allows virtualization provisioning tools to determine the optimal device settings for a combination of hypervisor and operating system.

Security Fix(es):

* Libosinfo: osinfo-install-script option leaks password via command line argument (CVE-2019-13313)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2019-13313
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
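
An added example, not part of this advisory or of libosinfo: a defender-side check that parses argv blobs in the NUL-separated format of /proc/<pid>/cmdline and reports osinfo-install-script invocations carrying password keys, redacting the values so the finding can be logged. The --config/-c and --config-file option spellings and the user-password/admin-password keys are assumptions taken from the tool's manual, and the sample command lines are constructed here.

```python
import re

# Assumed option spellings (from the osinfo-install-script manual, not this page).
CONFIG_OPTS = ("--config", "-c")
LONG_PREFIX = "--config="
SECRET_KEY = re.compile(r"^(?P<key>[A-Za-z-]*password)=.*$", re.S)

# Constructed samples: pid -> raw bytes as /proc/<pid>/cmdline would hold them.
SAMPLES = {
    101: b"/usr/bin/osinfo-install-script\0--config=user-password=Example123\0fedora29\0",
    102: b"osinfo-install-script\0-c\0admin-password=Example456\0-c\0user-login=demo\0rhel7.0\0",
    # Assumed fixed usage: secrets kept in a file, only its path appears in argv.
    103: b"osinfo-install-script\0--config-file\0/root/install.conf\0rhel7.0\0",
    104: b"sshd\0-D\0",
}


def split_cmdline(raw: bytes) -> list:
    """Split a NUL-separated argv blob into a list of strings."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def audit_argv(argv: list) -> tuple:
    """Return (leaked config keys, argv with secret values redacted)."""
    if not argv or not argv[0].endswith("osinfo-install-script"):
        return [], list(argv)
    leaked, safe, prev_was_opt = [], [], False
    for arg in argv:
        is_value = prev_was_opt          # this arg is the value of "-c" / "--config"
        prefix, payload = "", None
        if is_value:
            payload = arg
        elif arg.startswith(LONG_PREFIX):
            prefix, payload = LONG_PREFIX, arg[len(LONG_PREFIX):]
        m = SECRET_KEY.match(payload) if payload is not None else None
        if m:
            leaked.append(m["key"])
            safe.append(f"{prefix}{m['key']}=<redacted>")
        else:
            safe.append(arg)
        prev_was_opt = (not is_value) and arg in CONFIG_OPTS
    return leaked, safe


def audit(samples: dict) -> dict:
    """Map pid -> leaked keys, keeping only processes that expose a secret."""
    results = {pid: audit_argv(split_cmdline(raw))[0] for pid, raw in samples.items()}
    return {pid: keys for pid, keys in results.items() if keys}
```
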

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libosinfo-1.1.0-5.el7.src.rpm
    MD5: c94be27151e2b3dfa1df3f3f2b65e97f
    SHA-256: 51739d95244ee746c69a2063cd07665e9888a9c51005d3de26f7e037d8bc92d0
    Size: 896.71 kB

Asianux Server 7 for x86_64
  1. libosinfo-1.1.0-5.el7.x86_64.rpm
    MD5: a0310f42bfd307d3a379a68f1014c5eb
    SHA-256: b89b31b96be30a3da1c4cee7939cd6af18029d936d226c36bc59fca5379efbf5
    Size: 228.62 kB
  2. libosinfo-1.1.0-5.el7.i686.rpm
    MD5: 496d4c9f7a8d7f4355b7e31311aa4546
    SHA-256: f6755c8693dbdca32e986622b8859db994a97282863754b8f3b43bc59a08914b
    Size: 229.70 kB