Upstream information

CVE-2013-7458 at MITRE

Description

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having low severity.

CVSS v2 Scores
| | National Vulnerability Database | SUSE |
|---|---|---|
| Base Score | 2.1 | 2.1 |
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| Access Vector | Local | Local |
| Access Complexity | Low | Low |
| Authentication | None | None |
| Confidentiality Impact | Partial | Partial |
| Integrity Impact | None | None |
| Availability Impact | None | None |

SUSE Bugzilla entries: 991250 [RESOLVED / FIXED], 991387 [RESOLVED / INVALID]

SUSE Security Advisories:

List of released packages

Each product is listed with its fixed package version(s) and references.

SUSE Package Hub for SUSE Linux Enterprise 12
  • redis >= 3.0.7-6.1
  • redis-debuginfo >= 3.0.7-6.1
  • redis-debugsource >= 3.0.7-6.1
  Patchnames: openSUSE-2016-945

openSUSE Leap 42.1
  • redis >= 3.0.4-6.1
  • redis-debuginfo >= 3.0.4-6.1
  • redis-debugsource >= 3.0.4-6.1
  Patchnames: openSUSE-2016-945

openSUSE Tumbleweed
  • redis >= 3.2.4-1.1
  Patchnames: openSUSE Tumbleweed GA redis