Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in python-celery
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in python-celery
ID: FEDORA-2011-16539
Distribution: Fedora
Plattformen: Fedora 16
Datum: Sa, 10. Dezember 2011, 22:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4356
Applikationen: python-celery

Originalnachricht

Name        : python-celery
Product : Fedora 16
Version : 2.2.8
Release : 1.fc16
URL : http://celeryproject.org
Summary : Distributed Task Queue
Description :
An open source asynchronous task queue/job queue based on
distributed message passing. It is focused on real-time
operation, but supports scheduling as well.

The execution units, called tasks, are executed concurrently
on one or more worker nodes using multiprocessing, Eventlet
or gevent. Tasks can execute asynchronously (in the background)
or synchronously (wait until ready).

Celery is used in production systems to process millions of
tasks a day.

Celery is written in Python, but the protocol can be implemented
in any language. It can also operate with other languages using
webhooks.

The recommended message broker is RabbitMQ, but limited support
for Redis, Beanstalk, MongoDB, CouchDB and databases
(using SQLAlchemy or the Django ORM) is also available.

-------------------------------------------------------------------------------
-
Update Information:

Fixes CELERYSA-0001:
* https://github.com/ask/celery/blob/master/docs/sec/CELERYSA-0001.txt
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Nov 28 2011 Andrew Colin Kissa <andrew@topdog.za.net> - 2.2.8-1
- Security FIX CELERYSA-0001
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #757651 - CVE-2011-4356 python-celery: Privilege escalation due
improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001)
https://bugzilla.redhat.com/show_bug.cgi?id=757651
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update python-celery' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung