advisories/21477.adv

type: security
subject: Updated supervisor packages fix security vulnerability
CVE:
 - CVE-2017-11610
src:
  5:
   core:
     - supervisor-3.0.1-1.mga5
  6:
   core:
     - supervisor-3.1.4-1.mga6
description: |
  A vulnerability has been found where an authenticated client can send a
  malicious XML-RPC request to supervisord that will run arbitrary shell
  commands on the server. The commands will be run as the same user as
  supervisord. Depending on how supervisord has been configured, this may
  be root (CVE-2017-11610).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=21477
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/
ID: MGASA-2017-0263
1	type: security
2	subject: Updated supervisor packages fix security vulnerability
3	CVE:
4	- CVE-2017-11610
5	src:
6	5:
7	core:
8	- supervisor-3.0.1-1.mga5
9	6:
10	core:
11	- supervisor-3.1.4-1.mga6
12	description: \|
13	A vulnerability has been found where an authenticated client can send a
14	malicious XML-RPC request to supervisord that will run arbitrary shell
15	commands on the server. The commands will be run as the same user as
16	supervisord. Depending on how supervisord has been configured, this may
17	be root (CVE-2017-11610).
18	references:
19	- https://bugs.mageia.org/show_bug.cgi?id=21477
20	- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/
21	ID: MGASA-2017-0263