Two minor security issues were discovered and were assigned CVE's. CVE-2017-15112 concerns the ability to pass a password on the command line where it could be exposed. That option has been deprecated. See the man page for multiple ways to pass the password. CVE-2017-15111 corrects the default location of a log file when running the low level utilities directly, it had placed the log file in /tmp where a symbolic link could be created pointing to another file. The risk with CVE-2017-15111 is very low as this feature is seldom used, it's mostly for developers.
|submitted||2 years ago|
|in testing||2 years ago|