drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in python-celery
Name: |
Ausführen beliebiger Kommandos in python-celery |
|
ID: |
FEDORA-2011-16549 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 15 |
|
Datum: |
Sa, 10. Dezember 2011, 22:34 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4356 |
|
Applikationen: |
Celery |
|
Originalnachricht |
Name : python-celery Product : Fedora 15 Version : 2.2.8 Release : 1.fc15 URL : http://celeryproject.org Summary : Distributed Task Queue Description : An open source asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well.
The execution units, called tasks, are executed concurrently on one or more worker nodes using multiprocessing, Eventlet or gevent. Tasks can execute asynchronously (in the background) or synchronously (wait until ready).
Celery is used in production systems to process millions of tasks a day.
Celery is written in Python, but the protocol can be implemented in any language. It can also operate with other languages using webhooks.
The recommended message broker is RabbitMQ, but limited support for Redis, Beanstalk, MongoDB, CouchDB and databases (using SQLAlchemy or the Django ORM) is also available.
------------------------------------------------------------------------------- - Update Information:
Fixes CELERYSA-0001:
* https://github.com/ask/celery/blob/master/docs/sec/CELERYSA-0001.txt ------------------------------------------------------------------------------- - ChangeLog:
* Mon Nov 28 2011 Andrew Colin Kissa <andrew@topdog.za.net> - 2.2.8-1 - Security FIX CELERYSA-0001 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #757651 - CVE-2011-4356 python-celery: Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001) https://bugzilla.redhat.com/show_bug.cgi?id=757651 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update python-celery' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|