
Security: Arbitrary command execution in crmsh
Name: Arbitrary command execution in crmsh
ID: USN-6711-1
Distribution: Ubuntu
Platforms: Ubuntu 20.04 LTS
Date: Mon, 25 March 2024, 18:23
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35459
Applications: crmsh

Original message


==========================================================================
Ubuntu Security Notice USN-6711-1
March 25, 2024

crmsh vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

CRM shell could be made to execute arbitrary code if it received
a specially crafted input.

Software Description:
- crmsh: CRM shell for the pacemaker cluster manager

Details:

Vincent Berg discovered that CRM shell incorrectly handled certain commands.
A local attacker could possibly use this issue to execute arbitrary code
via shell code injection to the crm history command line.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
crmsh 4.2.0-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6711-1
CVE-2020-35459

Package Information:
https://launchpad.net/ubuntu/+source/crmsh/4.2.0-2ubuntu1.1

