
Debian alert DLA-1047-1 (supervisor)

From:  Markus Koschany <apo@debian.org>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 1047-1] supervisor security update
Date:  Mon, 31 Jul 2017 14:59:48 +0200
Message-ID:  <30791168-4d88-c573-833a-e0b8b7aa9028@debian.org>

Package        : supervisor
Version        : 3.0a8-1.1+deb7u2
CVE ID         : CVE-2017-11610
Debian Bug     : 870187

A vulnerability has been found in supervisor, a system for controlling
process state, where an authenticated client can send a malicious
XML-RPC request to supervisord that will run arbitrary shell commands on
the server. The commands will be run as the same user as supervisord.

For Debian 7 "Wheezy", these problems have been fixed in version
3.0a8-1.1+deb7u2.

We recommend that you upgrade your supervisor packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

