CVE-2019-13313

low
Published 2019-11-05 · Modified 2019-11-05
CVSS v3
—
CVSS v4 NEW
—
not yet in upstream
VIR risk
2.5

Description

RHSA-2019:3387: osinfo-db and libosinfo security and bug fix update (Low)

Predictions

Exploit likelihood
20%
Patch ETA
—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · Open-Errata-API

Description

Libosinfo: osinfo-install-script option leaks password via command line argument

CVSS v3: 2.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)

Errata / fixed releases

Product | Package | Advisory | Released
Red Hat Enterprise Linux 7 | libosinfo-0:1.1.0-5.el7 | RHSA-2020:1051 | 2020-03-31T00:00:00Z
Red Hat Enterprise Linux 8 | gnome-boxes-0:3.28.5-7.el8 | RHSA-2019:3387 | 2019-11-05T00:00:00Z
Red Hat Enterprise Linux 8 | libosinfo-0:1.5.0-3.el8 | RHSA-2019:3387 | 2019-11-05T00:00:00Z
Red Hat Enterprise Linux 8 | osinfo-db-0:20190611-1.el8 | RHSA-2019:3387 | 2019-11-05T00:00:00Z
Red Hat Enterprise Linux 8 | osinfo-db-tools-0:1.5.0-4.el8 | RHSA-2019:3387 | 2019-11-05T00:00:00Z

Apply commands

bash fix
Apply RHSA-2020:1051 for Red Hat Enterprise Linux 7
yum update -y libosinfo
# or:
dnf upgrade -y libosinfo

OS impact

SUSE: Affected, 1 release
Version | Status | Fixed in
— | Affected | —

Debian: Fixed, 5 releases
Version | Status | Fixed in
trixie | Fixed | 1.6.0-1
sid | Fixed | 1.6.0-1
forky | Fixed | 1.6.0-1
bullseye | Fixed | 1.6.0-1
bookworm | Fixed | 1.6.0-1

Red Hat: Fixed, 1 release
Version | Status | Fixed in
8 | Fixed | —
