Candidate: CVE-2013-7458
PublicDate: 2016-08-10 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7458
 http://www.openwall.com/lists/oss-security/2016/07/28/1
Description:
 linenoise, as used in Redis before 3.2.3, uses world-readable permissions
 for .rediscli_history, which allows local users to obtain sensitive
 information by reading the file.
Ubuntu-Description:
 It was discovered that Redis incorrectly handled permissions. An attacker
 could possibly use this issue to obtain sensitive information.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [3.3 LOW]

Patches_redis:
upstream_redis: released (2:3.2.1-4)
precise_redis: ignored (reached end-of-life)
precise/esm_redis: DNE (precise was needed)
trusty_redis: released (2:2.8.4-2ubuntu0.2)
trusty/esm_redis: released (2:2.8.4-2ubuntu0.2)

vivid/stable-phone-overlay_redis: DNE
vivid/ubuntu-core_redis: DNE
wily_redis: ignored (reached end-of-life)
xenial_redis: released (2:3.0.6-1ubuntu0.2)

yakkety_redis: ignored (reached end-of-life)
zesty_redis: ignored (reached end-of-life)
artful_redis: ignored (reached end-of-life)
bionic_redis: not-affected (5:4.0.9-1)
devel_redis: not-affected (5:4.0.10-1)