type: security
subject: Updated supervisor packages fix security vulnerability
CVE:
  - CVE-2017-11610
src:
  5:
    core:
      - supervisor-3.0.1-1.mga5
  6:
    core:
      - supervisor-3.1.4-1.mga6
description: |
  A vulnerability has been found where an authenticated client can send a
  malicious XML-RPC request to supervisord that will run arbitrary shell
  commands on the server. The commands will be run as the same user as
  supervisord. Depending on how supervisord has been configured, this may
  be root (CVE-2017-11610).
references:
  - https://bugs.mageia.org/show_bug.cgi?id=21477
  - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/
ID: MGASA-2017-0263