OpenSUSE Linux update for aria2

Published: 2019-01-14 12:54:42
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2019-3500
CVSSv3 2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID CWE-200
Exploitation vector Local
Public exploit N/A
Vulnerable software Opensuse
Vulnerable software versions Opensuse 15.0
Opensuse 42.3
Vendor URL Novell

Security Advisory

1) Information disclosure

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to aria2c can store an HTTP Basic Authentication username and password in a file when --log is used. A local attacker can obtain sensitive information by reading this file.

Remediation

Update the affected packages.

External links

https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00016.html

Back to List