Sicherheit: Ausführen beliebiger Kommandos in remctl
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in remctl
ID: FEDORA-2018-99eed1942f
Distribution: Fedora
Plattformen: Fedora 28
Datum: So, 10. Juni 2018, 16:16
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0493
Applikationen: remctl


Fedora Update Notification
2018-06-09 20:39:22.942880

Name : remctl
Product : Fedora 28
Version : 3.14
Release : 1.fc28
URL : http://www.eyrie.org/~eagle/software/remctl
Summary : Client/server for Kerberos-authenticated command execution
Description :

remctl (the client) and remctld (the server) implement a client/server
protocol for running single commands on a remote host using Kerberos
v5 authentication and returning the output. They use a very simple
GSS-API-authenticated network protocol, combined with server-side ACL
support and a server configuration file that maps remctl commands to
programs that should be run when that command is called by an
authorised user.

Update Information:

Update to 3.14 (CVE-2018-0493)

* Fri Apr 6 2018 Ken Dreyer <ktdreyer@ktdreyer.com> - 3.14-1
- Update to 3.14 (CVE-2018-0493)
* Fri Mar 2 2018 Petr Pisar <ppisar@redhat.com> - 3.13-14
- Adapt to removing GCC from a build root (bug #1547165)
* Mon Feb 12 2018 Iryna Shcherbina <ishcherb@redhat.com> - 3.13-13
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)

[ 1 ] Bug #1563137 - CVE-2018-0493 remctl: Use-after-free leading to a daemon
crash, memory corruption, or arbitrary command execution.

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-99eed1942f' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EH6YGQUOQXLY52FE6BQYJNHCQEZU7ALM/
Pro-Linux @Facebook
Neue Nachrichten