Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Fedora 28: 2019-04-29 Moderate: aria2 Authentication Leak

fedora
Calendar Grey April 28, 2019
Dist Fedora Esm H88
Addressing the HTTP authentication vulnerability in aria2 for Fedora 28 enhances the safety of download tools.
Fix Password leak for HTTP based authentication CVE-2019-3500 (rhbz #1663991 #1663992 #1663993)

Summary

aria2 is a download utility with resuming and segmented downloading.

Supported protocols are HTTP/HTTPS/FTP/BitTorrent. It also supports Metalink

version 3.0.

Currently it has following features:

- HTTP/HTTPS GET support

- HTTP Proxy support

- HTTP BASIC authentication support

- HTTP Proxy authentication support

- FTP support(active, passive mode)

- FTP through HTTP proxy(GET command or tunneling)

- Segmented download

- Cookie support

- It can run as a daemon process.

- BitTorrent protocol support with fast extension.

- Selective download in multi-file torrent

- Metalink version 3.0 support(HTTP/FTP/BitTorrent).

- Limiting download/upload speed

Fix Password leak for HTTP based authentication CVE-2019-3500 (rhbz #1663991

#1663992 #1663993)

* Wed Mar 27 2019 Athmane Madjoudj - 1.34.0-4

- Fix Password leak for HTTP based authentication CVE-2019-3500 (rhbz #1663991 #1663992 #1663993)

* Thu Jan 31 2019 Fedora Release Engineering - 1.34.0-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Thu Jul 12 2018 Fedora Release Engineering - 1.34.0-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Mon May 21 2018 Athmane Madjoudj - 1.34.0-1

- Update to 1.34.0 (rhbz #1580169)

[ 1 ] Bug #1663991 - CVE-2019-3500 aria2: Password leak for HTTP based authentication

https://bugzilla.redhat.com/show_bug.cgi?id=1663991

su -c 'dnf upgrade --advisory FEDORA-2019-8b8c774b84' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora update notification authentication leak high risk aria2

Change Log

References

Update Instructions

Product: Fedora 28
Version: 1.34.0
Release: 4.fc28
URL: http://aria2.github.io/
Summary: High speed download utility with resuming and segmented downloading

Topics%20covered

Topics Covered

security advisory Fedora update notification authentication leak high risk aria2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here