drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in crmsh
Name: |
Ausführen beliebiger Kommandos in crmsh |
|
ID: |
USN-6711-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 20.04 LTS |
|
Datum: |
Mo, 25. März 2024, 18:23 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35459 |
|
Applikationen: |
crmsh |
|
Originalnachricht |
--===============1566817204657445008== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="17pEHd4RhPHOinZp" Content-Disposition: inline
--17pEHd4RhPHOinZp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-6711-1 March 25, 2024
crmsh vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
CRM shell could be made to execute arbitrary code if it received a specially crafted input.
Software Description: - crmsh: CRM shell for the pacemaker cluster manager
Details:
Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: crmsh 4.2.0-2ubuntu1.1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6711-1 CVE-2020-35459
Package Information: https://launchpad.net/ubuntu/+source/crmsh/4.2.0-2ubuntu1.1
--17pEHd4RhPHOinZp Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmYBkh0ACgkQRbznW4QL H2m4Pg//T2u7FjLUEjSFa0a2xo7QTe1joBLMqpYLcXofrKtNkEj23RhCxJK4IYRK o0gyCIkXRrYmVFUh1ZhjRIrmVqUY3u2QlbYHQ8QoFWSRoTPSjG7VHt5Vx4wO6I7l whMzg/4ZQQwKTiVJOaaK+T/2SCHjbLhLHHgzSuw2pnVRuacjQ30sMVkIyI9aIJoP HNZeVZbUYOOgx084OYXeE9HDoSmEJgBVRAhDhaLo1Cwjvc6sWozKXg2t0gGJpwAM Zi/ImBoxam8NtJHL2dgq6mMMPiwHnbScA719Afz+qjBQArCE7+TiBahu5LXyvofM AiZmgNP9Jux3+TfC0vP1UILDcLI0RUnpgTxMGisMXAysFyEqwVyO+xbvncbumH73 IemIrLn6laHDQ1U2Vsjl76safnmxki1ApfC+M/Owcl6Vjl60wWD/ujblRzpCBgFd 20tfI4Ah9Fx6jbC0irRTzsFqpaqg3JccUVC/KRu6flcgksYXUBTbs43o/o5sRV50 kQAOt4a4/vNpnbDdMJ2v5SUE8g+v01jgAHvOMnVcefV5AZnZqniARmqTMaVrO3ub Q7PoYojgueNb/7n/9iwXd9US9wzTsGFs1BPzlLcVMivPXqoppHlJnRefWiPpE6zf FpSZHLQGQaX5JUFHrMMSWqbwlTvJ5kOJA9Z7vkfHxEAOBtiyehs= =KQvu -----END PGP SIGNATURE-----
--17pEHd4RhPHOinZp--
--===============1566817204657445008== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
--===============1566817204657445008==--
|
|
|
|