Security fix for CVE-2017-15111, CVE-2017-15112
Two minor security issues were discovered and assigned CVEs. CVE-2017-15112 concerns the ability to pass a password on the command line, where it could be exposed. That option has been deprecated; see the man page for multiple ways to pass the password. CVE-2017-15111 corrects the default location of a log file when running the low-level utilities directly: the log file had been placed in /tmp, where a symbolic link could be created pointing to another file. The risk with CVE-2017-15111 is very low, as this feature is seldom used and is mostly for developers.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2018-2299cfb708
This update has been submitted for testing by jdennis.
This update has been pushed to testing.
jdennis edited this update.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.
This update has been submitted for batched by jdennis.
This update has been submitted for stable by jdennis.
This update has been pushed to stable.