drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in smokeping
Name: |
Ausführen beliebiger Kommandos in smokeping |
|
ID: |
DSA-3405-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian wheezy, Debian jessie |
|
Datum: |
Do, 26. November 2015, 07:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0859 |
|
Applikationen: |
smokeping |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3405-1 security@debian.org https://www.debian.org/security/ Florian Weimer November 25, 2015 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : smokeping CVE ID : CVE-2015-0859
Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests.
For the oldstable distribution (wheezy), this problem has been fixed in version 2.6.8-2+deb7u1.
For the stable distribution (jessie), this problem has been fixed in version 2.6.9-1+deb8u1.
We recommend that you upgrade your smokeping packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJWVjDoAAoJEL97/wQC1SS+FyQH/2MqCMNWdWxgdaCEhVKsR5hE Yy7k7DxSuT6U9NhpqY3CggOCEySXayCNYHR0BtSbcxV6peEIjgN3+0cM601o1sU3 SaOaJiTGWKYxCi2rFyZahGa5KT1xkKSDJKPqlTYaPFkO3EBFgCVAqX0O52QdlJfQ l9K7N7pCxh7tGQb7gnM3FwcPhGQz8R8dlirEGIt5lyd0Pwx1lgKVB9YpZQktwogD nmE9CxE16Fvhcn3yyQ2PKqflG/CmaBHIXxU4dzKjNT+FWz3ZH4AJlCueSwgyhmh0 ET7IBRZ1cBeUS7CAk2z7UoRgNRFE5tbS3WfdmYlQe6olmL8nSd8sseNpTgahTgk= =AvSJ -----END PGP SIGNATURE-----
|
|
|
|