Sicherheit: Ausführen beliebiger Kommandos in python-wikitcms
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in python-wikitcms
ID: FEDORA-2016-608be17784
Distribution: Fedora
Plattformen: Fedora 24
Datum: Mi, 28. Dezember 2016, 07:45
Referenzen: Keine Angabe
Applikationen: python-wikitcms


Name        : python-wikitcms
Product : Fedora 24
Version : 2.1.10
Release : 1.fc24
URL : https://pagure.io/fedora-qa/python-wikitcms
Summary : Fedora QA wiki test management Python library
Description :
python-wikitcms is a library for interacting with Fedora's wiki-based
management' system. It can:

* Create the pages for release validation test events
* Find existing release validation event pages, in various ways
* Report test results

The wiki-based test management system itself is documented at:

Update Information:

This update contains a **SECURITY** fix for an issue with potentially serious
consequences but very limited scope. If an administrator of a wiki you talked
using python-wikitcms were malicious, they could cause arbitrary code execution
as the user running wikitcms. No-one besides a wiki administrator could do
as it requires crafting the wiki's response to an edit request to include a
malicious payload. It also drops some now useless or unneeded code (due to
changes in mediawiki and mwclient).

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade python-wikitcms' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Neue Nachrichten