Amazon Linux 2 Security Advisory: ALAS-2020-1527
Advisory Release Date: 2020-10-22 18:15 Pacific
Advisory Updated Date: 2020-10-22 22:35 Pacific
Severity:
Low
Issue Overview:
A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing. (CVE-2019-13313)
Affected Packages:
libosinfo
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update libosinfo to update your system.
New Packages:
aarch64:
libosinfo-1.1.0-5.amzn2.aarch64
libosinfo-devel-1.1.0-5.amzn2.aarch64
libosinfo-vala-1.1.0-5.amzn2.aarch64
libosinfo-debuginfo-1.1.0-5.amzn2.aarch64
i686:
libosinfo-1.1.0-5.amzn2.i686
libosinfo-devel-1.1.0-5.amzn2.i686
libosinfo-vala-1.1.0-5.amzn2.i686
libosinfo-debuginfo-1.1.0-5.amzn2.i686
src:
libosinfo-1.1.0-5.amzn2.src
x86_64:
libosinfo-1.1.0-5.amzn2.x86_64
libosinfo-devel-1.1.0-5.amzn2.x86_64
libosinfo-vala-1.1.0-5.amzn2.x86_64
libosinfo-debuginfo-1.1.0-5.amzn2.x86_64